Meier Lukas

2 exploits Active since Mar 2026
CVE-2026-27796 WRITEUP MEDIUM WRITEUP
Homarr <1.54.0 - Info Disclosure
Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations. This metadata includes sensitive information such as internal service URLs, integration names, and service types. This issue has been patched in version 1.54.0.
CVSS 5.3
CVE-2026-27797 WRITEUP MEDIUM WRITEUP
Homarr <1.54.0 - SSRF
Homarr is an open-source dashboard. Prior to version 1.54.0, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability allows a remote attacker to force the Homarr server to perform arbitrary outbound HTTP requests. This can be used as an internal network access primitive (e.g., reaching loopback/private ranges) from the Homarr host/container network context. This issue has been patched in version 1.54.0.
CVSS 5.3