Lucene search
K

5 matches found

NVD
NVD
added 2026/05/29 6:17 p.m.16 views

CVE-2026-45626

Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/id/volumes/volumeName/browse accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside an Arcane helper container. The path sanitis...

6.3CVSS0.0021EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:10 p.m.13 views

CVE-2026-45626

Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/id/volumes/volumeName/browse accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside an Arcane helper container. The path sanitis...

6.3CVSS6AI score0.0021EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/29 5:10 p.m.11 views

CVE-2026-45626 Arcane: OS Command Injection in Volume Browser ListDirectory via path query parameter

Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/id/volumes/volumeName/browse accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside an Arcane helper container. The path sanitis...

6.3CVSS6AI score0.0021EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/18 1:59 p.m.21 views

Arcane Backend: OS Command Injection in Volume Browser ListDirectory via path query parameter

Summary GET /environments/id/volumes/volumeName/browse accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside an Arcane helper container. The path sanitiser blocks ../ traversal but does not strip Bourne-shell metacharacters such as $ or backticks, and...

6.3CVSS6.2AI score0.0021EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/18 1:59 p.m.7 views

GHSA-9MVM-4GWG-V8MP Arcane Backend: OS Command Injection in Volume Browser ListDirectory via path query parameter

Summary GET /environments/id/volumes/volumeName/browse accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside an Arcane helper container. The path sanitiser blocks ../ traversal but does not strip Bourne-shell metacharacters such as $ or backticks, and...

6.3CVSS6.2AI score0.0021EPSS
Exploits0References3
Rows per page
Query Builder