Communication Channel Vulnerability in UDP Console by Arcserve
CVE-2026-40118

5.1MEDIUM

Key Information:

Vendor: Arcserve
Status: Udp Console
Vendor: CVE Published:; 16 April 2026

What is CVE-2026-40118?

The UDP Console by Arcserve has a vulnerability related to an incorrectly specified destination in its communication channel. This flaw can arise when a user sets the activation server hostname to a non-functional or dummy URL. As a result, the affected UDP Console may inadvertently establish communication with this incorrect domain, leading to potential information disclosure. It is crucial for users to ensure that their activation server configurations are accurate to mitigate this risk.

Affected Version(s)

UDP Console 10.3

References

https://support.arcserve.com/s/article/P00003790?language...

https://jvn.jp/en/jp/JVN88396700/

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

CVSS V3.0

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2026
Vulnerability Reserved
Apr 9, 2026

CVE-2026-40118 Data

JSON