PT-2026-23830 · Homarr · Homarr

Ormzro · Published 2026-03-07 · Updated 2026-03-10 · CVE-2026-27797

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Homarr versions prior to 1.54.0

Description: An unauthenticated Server-Side Request Forgery (SSRF) exists in Homarr, allowing a remote attacker to force the server to perform arbitrary outbound HTTP requests. This can be used to access internal networks from the Homarr host or container network. The vulnerability is present in versions before 1.54.0. SSRF is a web security flaw that allows an attacker to cause the server to make HTTP requests to an arbitrary domain of the attacker’s choosing.

Recommendations: Update to version 1.54.0 or later.

Exploit

Fix

SSRF

Weakness Enumeration

Related identifiers

CVE-2026-27797
GHSA-VWQF-2F4M-2CQ2

Affected products

Homarr