CVE-2026-25123

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-25123
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25123.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-25123
Aliases
  • GHSA-c6rh-8wj4-gv74
Published
2026-02-06T21:19:40.212Z
Modified
2026-02-07T02:56:28.417683Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Homarr affected by Unauthenticated SSRF / Port-Scan Primitive via widget.app.ping
Details

Homarr is an open-source dashboard. Prior to 1.52.0, a public (unauthenticated) tRPC endpoint widget.app.ping accepts an arbitrary url and performs a server-side request to that URL. This allows an unauthenticated attacker to trigger outbound HTTP requests from the Homarr server, enabling SSRF behavior and a reliable port-scanning primitive (open vs closed ports can be inferred from statusCode vs fetch failed and timing). This vulnerability is fixed in 1.52.0.

Database specific 
{
    "cwe_ids": [
        "CWE-918"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25123.json"
}
References

Affected packages

Git / github.com/homarr-labs/homarr

Affected ranges

Type
GIT
Repo
https://github.com/homarr-labs/homarr
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d2c075517fd5b86b3f567aa8ef9c8ddc0046dc74
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.52.0"
        }
    ]
}

Affected versions

0.*
0.0.1
v1.*
v1.0.0
v1.0.0-beta.1
v1.0.0-beta.10
v1.0.0-beta.11
v1.0.0-beta.12
v1.0.0-beta.2
v1.0.0-beta.3
v1.0.0-beta.4
v1.0.0-beta.5
v1.0.0-beta.6
v1.0.0-beta.7
v1.0.0-beta.8
v1.0.0-beta.9
v1.0.1
v1.1.0
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.13.1
v1.14.0
v1.15.0
v1.16.0
v1.17.0
v1.18.0
v1.18.1
v1.19.0
v1.19.1
v1.2.0
v1.20.0
v1.21.0
v1.22.0
v1.23.0
v1.24.0
v1.25.0
v1.26.0
v1.27.0
v1.28.0
v1.28.1
v1.29.0
v1.3.0
v1.3.1
v1.30.0
v1.30.1
v1.31.0
v1.32.0
v1.33.0
v1.34.0
v1.35.0
v1.35.1
v1.36.0
v1.36.1
v1.37.0
v1.38.0
v1.39.0
v1.4.0
v1.40.0
v1.41.0
v1.42.0
v1.42.1
v1.43.0
v1.43.1
v1.43.2
v1.43.3
v1.44.0
v1.45.0
v1.45.1
v1.45.2
v1.45.3
v1.46.0
v1.47.0
v1.48.0
v1.49.0
v1.49.1
v1.5.0
v1.50.0
v1.50.1
v1.51.0
v1.6.0
v1.7.0
v1.8.0
v1.9.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25123.json"