CVE-2026-27796 — MEDIUM (5.3)

Q: How severe is CVE-2026-27796?

CVE-2026-27796 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-27796?

Check the references section above for vendor advisories and patch information. Affected products include: Homarr Homarr.

Vulnerability Description

Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations. This metadata includes sensitive information such as internal service URLs, integration names, and service types. This issue has been patched in version 1.54.0.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Homarr	Homarr	< 1.54.0

Related Weaknesses (CWE)

CWE-200 CWE-862

References

https://github.com/homarr-labs/homarr/commit/91fc5a5c747121475a50f2713d571ceb89ePatch
https://github.com/homarr-labs/homarr/releases/tag/v1.54.0Release Notes
https://github.com/homarr-labs/homarr/security/advisories/GHSA-m4vc-4prp-cvp7ExploitVendor Advisory

FAQ

What is CVE-2026-27796?

CVE-2026-27796 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of ...

How severe is CVE-2026-27796?

CVE-2026-27796 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-27796?

Check the references section above for vendor advisories and patch information. Affected products include: Homarr Homarr.