GO-2026-4320
- Source
- https://pkg.go.dev/vuln/GO-2026-4320
- Import Source
- https://vuln.go.dev/ID/GO-2026-4320.json
- JSON Data
- https://api.osv.dev/v1/vulns/GO-2026-4320
- Aliases
- Published
- 2026-01-23T02:28:11Z
- Modified
- 2026-01-23T02:56:06.193834Z
- Summary
- Arcane Has a Command Injection in Arcane Updater Lifecycle Labels That Enables RCE in github.com/getarcaneapp/arcane/backend
- Details
-
Arcane Has a Command Injection in Arcane Updater Lifecycle Labels That Enables RCE in github.com/getarcaneapp/arcane/backend
- Database specific
{ "review_status": "UNREVIEWED", "url": "https://pkg.go.dev/vuln/GO-2026-4320" }- References
-
- https://github.com/getarcaneapp/arcane/security/advisories/GHSA-gjqq-6r35-w3r8
- https://nvd.nist.gov/vuln/detail/CVE-2026-23520
- https://github.com/getarcaneapp/arcane/commit/5a9c2f92e11f86f8997da8c672844468f930b7e4
- https://github.com/getarcaneapp/arcane/pull/1468
- https://github.com/getarcaneapp/arcane/releases/tag/v1.13.0
Affected packages
Go / github.com/getarcaneapp/arcane/backend
Package
- Name
- github.com/getarcaneapp/arcane/backend
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/getarcaneapp/arcane/backend