Vulners
Lucene search
CVE-2026-45625
๐๏ธย 29 May 2026ย 17:10:57Reported byย GitHub_MTypeย 
ย cve๐ย web.nvd.nist.gov๐ฐ๏ธย 1ย Media mentions๐ย 18ย Views๐ WEB
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | CVE-2026-45625 | 29 May 202617:10 | โ | attackerkb |
 | CVE-2026-45625 | 29 May 202620:24 | โ | circl |
 | arcane ๅฎๅ จๆผๆด | 29 May 202600:00 | โ | cnnvd |
 | CVE-2026-45625 Arcane: Missing admin authorization on git repository endpoints allows non-admin users to exfiltrate stored Git credentials and tamper with GitOps configs | 29 May 202617:10 | โ | cvelist |
 | EUVD-2026-33373 | 29 May 202617:10 | โ | euvd |
 | Arcane Backend: Missing admin authorization on git repository endpoints allows non-admin users to exfiltrate stored Git credentials and tamper with GitOps configs | 18 May 202613:44 | โ | github |
 | CVE-2026-45625 | 29 May 202618:17 | โ | nvd |
 | GHSA-7H26-HG47-P9HX Arcane Backend: Missing admin authorization on git repository endpoints allows non-admin users to exfiltrate stored Git credentials and tamper with GitOps configs | 18 May 202613:44 | โ | osv |
 | PT-2026-41692 | 18 May 202600:00 | โ | ptsecurity |
 | CVE-2026-45625 | 1 Jun 202622:03 | โ | redhatcve |
10
Node
[
{
"vendor": "getarcaneapp",
"product": "arcane",
"versions": [
{
"version": "< 1.19.0",
"status": "affected"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| id | query param | /api/customize/git-repositories | Git repo listing endpoint exposed without admin check and permits unauthorized users to access repository configurations. | CWE-862 |
| url | request body | /api/customize/git-repositories | Create a git repository configuration without admin authorization, enabling manipulation of credentials and subsequent exfiltration risk. | CWE-862 |
| token | request body | /api/customize/git-repositories | Create a git repository configuration without admin authorization, enabling manipulation of credentials and subsequent exfiltration risk. | CWE-862 |
| sshKey | request body | /api/customize/git-repositories | Create a git repository configuration without admin authorization, enabling manipulation of credentials and subsequent exfiltration risk. | CWE-862 |
| id | path | /api/customize/git-repositories/{id} | Get a specific git repository configuration without enforcing admin role. | CWE-862 |
| url | request body | /api/customize/git-repositories/{id} | Update a git repository configuration without admin check; potential to trigger credential exposure during tests or fetches. | CWE-862 |
| token | request body | /api/customize/git-repositories/{id} | Update a git repository configuration without admin check; potential to trigger credential exposure during tests or fetches. | CWE-862 |
| sshKey | request body | /api/customize/git-repositories/{id} | Update a git repository configuration without admin check; potential to trigger credential exposure during tests or fetches. | CWE-862 |
| id | path | /api/customize/git-repositories/{id} | Delete a git repository configuration without admin authorization. | CWE-862 |
| id | request body | /api/customize/git-repositories/{id}/test | Test a git repository configuration without admin verification, enabling propagation of credentials during test calls. | CWE-862 |
10
Data
Build on a solid foundation withย Vulners data
Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data
Api
Power your application withย Vulners API
The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access
App
Assess and manage vulnerabilities withย Vulnersย tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Jun 2026 10:52Current
5.8Medium risk
Vulners AI Score5.8
CVSS 3.19.9
EPSS0.00387
SSVC