CVE-2026-40242 | getarcaneapp arcane up to 1.17.2 /api/templates/fetch url server-side request forgery (GHSA-ff24-4prj-gpmj)

Inserito da Angelo Barbosa | Apr 10, 2026 | CVE

A vulnerability was found in getarcaneapp arcane up to 1.17.2 and classified as critical. This impacts an unknown function of the file /api/templates/fetch. Such manipulation of the argument url leads to server-side request forgery.

This vulnerability is listed as CVE-2026-40242. The attack may be performed from remote. There is no available exploit.

It is suggested to upgrade the affected component.

CVE-2026-40242 | getarcaneapp arcane up to 1.17.2 /api/templates/fetch url server-side request forgery (GHSA-ff24-4prj-gpmj)

Post correlati

CVE-2024-37414 | Averta Depicter Slider Plugin up to 3.0.2 on WordPress cross site scripting

CVE-2025-1815 | pbrong hrms up to 1.0.1 resourceresource.go HrmsDB user_cookie improper authorization

CVE-2025-10482 | SourceCodester Online Student File Management System 1.0 /admin/index.php Username sql injection

CVE-2025-0349 | Tenda AC6 15.03.05.16 GetParentControlInfo src stack-based overflow