Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
Homarr: Publicly Accessible Integration List Exposes Sensitive Data
CVE-2026-27796
Summary
Prior to version 1.54.0, Homarr's dashboard was exposing sensitive information about its integrations to anyone. This included internal service URLs and other details that could be used to compromise security. Update to version 1.54.0 or later to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| homarr | homarr | <= 1.54.0 | – |
Original title
Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list ...
Original description
Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations. This metadata includes sensitive information such as internal service URLs, integration names, and service types. This issue has been patched in version 1.54.0.
nvd CVSS3.1
5.3
Vulnerability type
CWE-200
Information Exposure
CWE-862
Missing Authorization
Published: 7 Mar 2026 · Updated: 13 Mar 2026 · First seen: 7 Mar 2026