CVE-2026-27796

Published March 7th, 2026

View on NVD ↗

CVSS v3

5.3

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations. This metadata includes sensitive information such as internal service URLs, integration names, and service types. This issue has been patched in version 1.54.0.

homarr-labs/homarr

A modern and easy to use dashboard. 40+ integrations. 20K+ icons built in. Authentication out of the box. No YAML, drag and drop configuration.

GitHub

3.98K