Auth bypass in Getarcaneapp Arcane
CVE-2026-23944
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.13.2, unauthenticated requests could be proxied to remote environment agents, allowing access to remote environment resources without…
Vulnerability class: Broken Authentication
EPSS: 0.002 (42.5th percentile)
Affected products
- Getarcaneapp Arcane — versions < 1.13.2
Weakness classification (CWE)
References
- https://github.com/getarcaneapp/arcane/security/advisories/GHSA-2jv8-39rp-cqqr (x_refsource_CONFIRM)
- https://github.com/getarcaneapp/arcane/pull/1532 (x_refsource_MISC)
- https://github.com/getarcaneapp/arcane/commit/2008e1b93b25d0c4c3fff3af07843766231614eb (x_refsource_MISC)
- https://github.com/getarcaneapp/arcane/releases/tag/v1.13.2 (x_refsource_MISC)