anonhaven
Ad

CVE-2026-27796

MEDIUM CVSS 3.1: 5.3 EPSS 0.02%
Updated Mar 07, 2026
Homarr
Parameter Value
CVSS 5.3 (MEDIUM)
Fixed In 1.54.0
Type CWE-200 (Information Exposure), CWE-862 (Missing Authorization)
Vendor Homarr
Public PoC No

Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations. This metadata includes sensitive information such as internal service URLs, integration names, and service types.

This issue has been patched in version 1.54.0.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
Low
Partial data leak
Integrity
None
No data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-200 Information Exposure
CWE-862 Missing Authorization

References 3

https://github.com/homarr-labs/homarr/commit/91fc5a5c747121475a50f2713d571ceb89…
security-advisories@github.com
https://github.com/homarr-labs/homarr/releases/tag/v1.54.0
security-advisories@github.com
https://github.com/homarr-labs/homarr/security/advisories/GHSA-m4vc-4prp-cvp7
security-advisories@github.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-33510

Homarr

8.8

CVE-2026-32602

Homarr

4.2

CVE-2026-27797

Homarr

5.3

CVE-2023-45908

Homarr

6.1