CVE-2026-47125
GetArcaneApp · Arcane
Arcane, an interface for managing Docker containers, suffers from a missing authorization vulnerability that could allow unauthorized access to container management functions.
Executive summary
A missing authorization vulnerability in the Arcane management interface exposes container infrastructure to unauthorized administrative actions.
Vulnerability
The application is affected by CWE-862 (Missing Authorization): the software performs an action without verifying that the user has the required permissions. This allows an attacker to perform unauthorized operations within the container management environment.
Business impact
Successful exploitation allows an unauthorized party to manipulate container images, networks, and volumes, potentially leading to full system compromise or service disruption. With a CVSS score of 8.8, this vulnerability represents a high risk to the availability and integrity of the underlying infrastructure.
Remediation
Immediate Action: Upgrade to Arcane version 1.19.2 or later to resolve the authorization gap.
Proactive Monitoring: Audit access logs for unusual administrative activity or unauthorized attempts to access container management endpoints.
Compensating Controls: Implement strict network access control lists (ACLs) to restrict access to the Arcane interface to authorized management IP addresses only.
Exploitation status
Public Exploit Available: false
Analyst recommendation
The severity of this flaw necessitates immediate attention. Administrators must prioritize updating the Arcane application to the latest version to prevent unauthorized container orchestration and potential lateral movement within the environment.