9 Total advisories
9 Vulnerabilities
0 Malware
Vulnerabilities
HIGH 8.2
CVE-2026-45627
Arcane Backend: Unauthenticated reflected XSS via SVG color parameter enables admin account takeover
HIGH 8.8
CVE-2026-47125
Arcane: Missing admin authorization on global variables endpoint
HIGH 7.7
CVE-2026-47179
Arcane Has an Authenticated Arbitrary Host File Read via Docker Compose Include Directives
MEDIUM 6.3
CVE-2026-45626
Arcane Backend: OS Command Injection in Volume Browser ListDirectory via path query parameter
CRITICAL 9.9
CVE-2026-45625
Arcane Backend: Missing admin authorization on git repository endpoints allows non-admin users to exfiltrate stored Git credentials and tamper with GitOps configs
UNKNOWN
CVE-2026-42461
Arcane Vulnerable to Unauthenticated Disclosure of Custom Compose Template Content (incl. `.env` secrets)
HIGH 7.2
CVE-2026-40242
Arcane has Unauthenticated SSRF with Conditional Response Reflection in Template Fetch Endpoint
UNKNOWN
CVE-2026-23520
Arcane Has a Command Injection in Arcane Updater Lifecycle Labels That Enables RCE in github.com/getarcaneapp/arcane/backend
CRITICAL 9.0
CVE-2026-23520
Arcane Has a Command Injection in Arcane Updater Lifecycle Labels That Enables RCE