CVE-2026-45626 | getarcaneapp arcane up to 1.18.1 Query Parameter browse os command injection (GHSA-9mvm-4gwg-v8mp)

A vulnerability was found in getarcaneapp arcane up to 1.18.1 and classified as critical. The impacted element is an unknown function of the file /environments/{id}/volumes/{volumeName}/browse of the component Query Parameter Handler. The manipulation results in os command injection.

This vulnerability was named CVE-2026-45626. The attack may be performed from remote. There is no available exploit.VulDB Recent EntriesRead More