CNNVD-202602-945 Information

CNNVD ID

CNNVD-202602-945

Related CVE

CVE-2026-25123

• CNNVD Published: 2026-02-06

Description (Chinese)

homarr是Thomas Camlong个人开发者的一个可定制的浏览器主页，用于与主服务器的 Docker 容器进行交互。 Homarr 1.52.0之前版本存在代码问题漏洞，该漏洞源于未经验证的tRPC端点接受任意URL并执行服务器端请求，可能导致服务端请求伪造和端口扫描。

Description (English)

Homarr is the home page of a custom browser for Thomas Camlong personal developer to interact with the Docker container on the main server. There was a code gap in the pre-Momarr 1.52.0 version, which resulted from uncertified tRPC endpoints accepting random URLs and implementing server end-to-end requests, which could result in the service-end requests for forgery and port scanning.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

个人开发者

Published

2026-02-06

Last Modified

2026-02-24

References

https://github.com/homarr-labs/homarr/security/advisories/GHSA-c6rh-8wj4-gv74 https://access.redhat.com/security/cve/cve-2026-25123

Patch

https://homarr.dev/