Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
Arcserve UDP Console Exposes Sensitive Data to Wrong Server
CVE-2026-40118
Summary
The Arcserve UDP Console may reveal sensitive information to an unintended server if the activation server hostname is set to an invalid URL. This could potentially put sensitive data at risk. Users should ensure they configure the hostname correctly to prevent this issue.
Original title
UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the affected product...
Original description
UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the affected product to a dummy URL, the product may unintentionally communicate with the dummy domain, causing information disclosure.
nvd CVSS3.0
6.3
nvd CVSS4.0
5.1
Vulnerability type
CWE-941
Published: 16 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026