PT-2026-23829 · Homarr · Homarr

Dxleryt

·

Publicado

2026-03-07

·

Atualizado

2026-03-10

·

CVE-2026-27796

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Homarr versions prior to 1.54.0
Description The integration.all tRPC endpoint in Homarr is accessible to unauthenticated users, potentially exposing a list of configured integrations. This exposed metadata includes sensitive information such as internal service URLs, integration names, and service types. The issue was addressed in version 1.54.0.
Recommendations Update to version 1.54.0 or later.

Exploit

Correção

Missing Authorization

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862CWE-200

Identificadores relacionados

CVE-2026-27796
GHSA-M4VC-4PRP-CVP7

Produtos afetados

Homarr