{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27797", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-24T02:31:33.266Z", "datePublished": "2026-03-07T05:54:32.223Z", "dateUpdated": "2026-03-09T20:44:25.842Z"}, "containers": {"cna": {"title": "Homarr: Unauthenticated SSRF in rssFeed.ts", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/homarr-labs/homarr/security/advisories/GHSA-vwqf-2f4m-2cq2", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/homarr-labs/homarr/security/advisories/GHSA-vwqf-2f4m-2cq2"}, {"name": "https://github.com/homarr-labs/homarr/commit/fce970c70653f200ff1c73081139a77f0379bd91", "tags": ["x_refsource_MISC"], "url": "https://github.com/homarr-labs/homarr/commit/fce970c70653f200ff1c73081139a77f0379bd91"}, {"name": "https://github.com/homarr-labs/homarr/releases/tag/v1.54.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/homarr-labs/homarr/releases/tag/v1.54.0"}], "affected": [{"vendor": "homarr-labs", "product": "homarr", "versions": [{"version": "< 1.54.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-07T05:54:32.223Z"}, "descriptions": [{"lang": "en", "value": "Homarr is an open-source dashboard. Prior to version 1.54.0, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability allows a remote attacker to force the Homarr server to perform arbitrary outbound HTTP requests. This can be used as an internal network access primitive (e.g., reaching loopback/private ranges) from the Homarr host/container network context. This issue has been patched in version 1.54.0."}], "source": {"advisory": "GHSA-vwqf-2f4m-2cq2", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27797", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-09T20:40:40.381666Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T20:44:25.842Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27797", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-09T20:40:40.381666Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T20:41:59.275Z"}}], "cna": {"title": "Homarr: Unauthenticated SSRF in rssFeed.ts", "source": {"advisory": "GHSA-vwqf-2f4m-2cq2", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "homarr-labs", "product": "homarr", "versions": [{"status": "affected", "version": "< 1.54.0"}]}], "references": [{"url": "https://github.com/homarr-labs/homarr/security/advisories/GHSA-vwqf-2f4m-2cq2", "name": "https://github.com/homarr-labs/homarr/security/advisories/GHSA-vwqf-2f4m-2cq2", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/homarr-labs/homarr/commit/fce970c70653f200ff1c73081139a77f0379bd91", "name": "https://github.com/homarr-labs/homarr/commit/fce970c70653f200ff1c73081139a77f0379bd91", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/homarr-labs/homarr/releases/tag/v1.54.0", "name": "https://github.com/homarr-labs/homarr/releases/tag/v1.54.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Homarr is an open-source dashboard. Prior to version 1.54.0, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability allows a remote attacker to force the Homarr server to perform arbitrary outbound HTTP requests. This can be used as an internal network access primitive (e.g., reaching loopback/private ranges) from the Homarr host/container network context. This issue has been patched in version 1.54.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-07T05:54:32.223Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27797", "state": "PUBLISHED", "dateUpdated": "2026-03-09T20:44:25.842Z", "dateReserved": "2026-02-24T02:31:33.266Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-07T05:54:32.223Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:homarr:homarr:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFFCA4B2-8A81-4B17-93E9-0E177DF83401", "versionEndExcluding": "1.54.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Homarr is an open-source dashboard. Prior to version 1.54.0, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability allows a remote attacker to force the Homarr server to perform arbitrary outbound HTTP requests. This can be used as an internal network access primitive (e.g., reaching loopback/private ranges) from the Homarr host/container network context. This issue has been patched in version 1.54.0."}, {"lang": "es", "value": "Homarr es un panel de control de c\u00f3digo abierto. Antes de la versi\u00f3n 1.54.0, una vulnerabilidad de falsificaci\u00f3n de petici\u00f3n del lado del servidor (SSRF) no autenticada permite a un atacante remoto forzar al servidor Homarr a realizar peticiones HTTP salientes arbitrarias. Esto puede ser utilizado como una primitiva de acceso a la red interna (por ejemplo, alcanzando rangos de loopback/privados) desde el contexto de red del host/contenedor de Homarr. Este problema ha sido parcheado en la versi\u00f3n 1.54.0."}], "id": "CVE-2026-27797", "lastModified": "2026-03-10T16:24:46.050", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-07T06:16:09.843", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/homarr-labs/homarr/commit/fce970c70653f200ff1c73081139a77f0379bd91"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/homarr-labs/homarr/releases/tag/v1.54.0"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/homarr-labs/homarr/security/advisories/GHSA-vwqf-2f4m-2cq2"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.54.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "homarr", "source": "cna", "vendor": "homarr-labs"}, "product": "homarr", "vendor": "homarr-labs"}], "analysis": {"en": {"generated_at": "2026-04-16T10:58:47.709840+00:00", "value": {"mitigation_remediation": ["Upgrade Homarr to version 1.54.0 or later, where the SSRF flaw is patched.", "If an upgrade is not immediately possible, restrict the Homarr container\u2019s outbound traffic using firewall rules or network segmentation so that only allowed destinations can be reached.", "As a temporary workaround, disable or protect the rssFeed endpoint by removing the route, requiring authentication, or blocking the URL parameter in the request before it reaches the server."], "summary": {"action": "Patch", "impact": "Server\u2011Side Request Forgery"}, "threat_synthesis": {"affected_systems": "The flaw affects the open\u2011source Homarr dashboard from homarr\u2011labs, with all releases prior to version 1.54.0 vulnerable. Users running any earlier version of Homarr on a publicly reachable host or container are at risk.", "description_and_impact": "An unauthenticated Server\u2011Side Request Forgery (SSRF) flaw was discovered in Homarr\u2019s rssFeed.ts module. The vulnerability allows an attacker to supply arbitrary URLs to the Homarr server, which then performs outbound HTTP or HTTPS requests from the host or container. This can serve as a gateway to internal network resources such as loopback or private IP ranges, potentially exposing sensitive services. The weakness is classified as CWE\u2011918, indicating improper validation of user\u2011supplied URLs.", "risk_and_exploitability": "The CVSS score of 5.3 reflects a moderate impact with an unauthenticated attack vector and network access. The EPSS score of less than 1\u202f% indicates a low probability of active exploitation, and the vulnerability is not listed in the CISA KEV catalog. Attackers would need to send a crafted request to the rssFeed endpoint, which requires no authentication, and therefore can be performed from any external network that can reach the Homarr instance. If successful, the extent of damage is limited to the reachability of outbound network resources from the Homarr host."}}}}, "created": "2026-03-09T10:05:46.059433+00:00", "updated": "2026-04-16T11:00:10.675943+00:00", "vendors": ["homarr-labs", "homarr-labs$PRODUCT$homarr"]}