Unauthorized Access Vulnerability in Arcane Product by Arcane
CVE-2026-23944

8HIGH

Key Information:

Vendor

Getarcaneapp

Status
Arcane
Vendor
CVE Published:
19 January 2026

What is CVE-2026-23944?

The Arcane interface for managing Docker containers has a significant vulnerability that allows unauthenticated requests to be proxied to remote environment agents. This loophole exists in versions prior to 1.13.2, where the environment proxy middleware mishandles requests to remote environments. As a result, unauthorized users can exploit these requests to access and manipulate remote environment resources, such as listing containers or streaming logs, without needing proper authentication. This poses serious risks, including potential data exposure and unauthorized changes to services. The vulnerability has been addressed in version 1.13.2.

Affected Version(s)

arcane < 1.13.2

References

https://github.com/getarcaneapp/arcane/security/advisorie...
x_refsource_CONFIRM
https://github.com/getarcaneapp/arcane/pull/1532
x_refsource_MISC
https://github.com/getarcaneapp/arcane/commit/2008e1b93b2...
x_refsource_MISC

CVSS V4

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.