Description

Homarr is an open-source dashboard. Prior to version 1.54.0, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability allows a remote attacker to force the Homarr server to perform arbitrary outbound HTTP requests. This can be used as an internal network access primitive (e.g., reaching loopback/private ranges) from the Homarr host/container network context. This issue has been patched in version 1.54.0.

INFO

Published Date :

2026-03-07T05:54:32.223Z

Last Modified :

2026-03-09T20:44:25.842Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-27797 vulnerability.

Vendors Products
Homarr
  • Homarr
Homarr-labs
  • Homarr
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-27797.

URL Resource
https://github.com/homarr-labs/homarr/commit/fce970c70653f200ff1c73081139a77f0379bd91 cve-icon cve-icon
https://github.com/homarr-labs/homarr/releases/tag/v1.54.0 cve-icon cve-icon
https://github.com/homarr-labs/homarr/security/advisories/GHSA-vwqf-2f4m-2cq2 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact