5.3
Homarr Dashboard: Unauthenticated Remote Server Access
CVE-2026-27797
Summary
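An unauthenticated remote attacker can force a Homarr server to make arbitrary outbound HTTP requests, including to loopback and private network ranges reachable from the Homarr host or container. This gives the attacker a foothold for reaching internal services that are not exposed externally. Update to version 1.54.0 or later to fix the issue.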
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| homarr | homarr | <= 1.54.0 | – |
Original description
Homarr is an open-source dashboard. Prior to version 1.54.0, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability allows a remote attacker to force the Homarr server to perform arbitrary outbound HTTP requests. This can be used as an internal network access primitive (e.g., reaching loopback/private ranges) from the Homarr host/container network context. This issue has been patched in version 1.54.0.
NVD CVSS 3.1
5.3
Vulnerability type
CWE-918
Server-Side Request Forgery (SSRF)
Published: 7 Mar 2026 · Updated: 13 Mar 2026 · First seen: 7 Mar 2026