How is CVE-2026-47125 exploited?

Network reachability (required): The attacker must be able to reach the Arcane API over the network (AV:N). Authentication (required): Any low-privilege authenticated account with a bearer token or API key is sufficient (PR:L); admin rights are not needed. Victim interaction (not-required): No user has to click or approve anything; the attacker calls the endpoint directly (UI:N). Attack complexity (info): Attack complexity is low (AC:L): a single PUT request to the unguarded endpoint reliably overwrites the global variables file.

What is the impact of CVE-2026-47125?

Overwrites the system-wide .env.global file, so every project's compose-file ${VAR} substitution resolves to attacker-supplied values. Redirects image pulls (REGISTRY, IMAGE) to attacker-controlled registries, yielding supply-chain remote code execution on the Docker host running Arcane. Exfiltrates secrets such as DATABASE_URL and SECRET_KEY by pointing them at attacker-controlled endpoints that other users' projects will then dial out to. Disrupts availability of all projects on the instance by corrupting the shared variable set.

Back to search

HIGHCVE-2026-47125Published 2026-05-29Modified 2026-05-29CNA GitHub_M

CVE-2026-47125: Arcane: Missing admin authorization on global variables endpoint

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.2, the PUT /api/environments/{id}/templates/variables endpoint, which writes the system-wide .env.global file used for variable substitution in every project's compose file, is missing an admin authorization check. Any authenticated non-admin user can call this endpoint with their bearer token or API key and overwrite the global environment variables that are merged into every project deployment. By overriding values like REGISTRY, IMAGE, DATABASE_URL, or SECRET_KEY that other users reference via ${VAR} in compose files, an attacker can redirect image pulls to attacker-controlled registries (supply-chain RCE on the Docker host), exfiltrate database credentials, or disrupt all projects. This vulnerability is fixed in 1.19.2.

HarborGuard Analysis

HarborGuard analysis

Synopsis

Authorization flaw in Arcane, a Docker management interface, where the PUT /api/environments/{id}/templates/variables endpoint does not enforce an admin check. Any authenticated user can reach it over the network with their own bearer token or API key, letting them overwrite the system-wide .env.global file that feeds variable substitution into every project's compose file. Successful exploitation enables supply-chain remote code execution on the Docker host (by redirecting image pulls), credential theft, and disruption of all deployed projects. A patched-image rebuild at 1.19.2 is available on HarborGuard for affected environments.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against Arcane images in customer registries and pipelines, including custom-built images that embed the affected getarcaneapp/arcane binary.

Available

Triage

Triage is available with the published CVSS 3.1 score of 8.8 (HIGH) as the baseline, then reweighted by each customer's compliance policy (for example, environments that expose Arcane to multi-tenant or low-trust users score this higher) and routed to the appropriate inbox inside the customer org.

Available

Patch

A patched-image rebuild at Arcane 1.19.2 is available on HarborGuard for environments running an affected version. For customers who opt into auto-remediation, the rebuild is generated, a regression-test run is executed, and a PR is opened against affected workloads.

Pending upstream

Exploit Conditions

Network reachabilityRequired
The attacker must be able to reach the Arcane API over the network (AV:N).
AuthenticationRequired
Any low-privilege authenticated account with a bearer token or API key is sufficient (PR:L); admin rights are not needed.
Victim interactionNot required
No user has to click or approve anything; the attacker calls the endpoint directly (UI:N).
Attack complexityDetail
Attack complexity is low (AC:L): a single PUT request to the unguarded endpoint reliably overwrites the global variables file.

Blast Radius

Overwrites the system-wide .env.global file, so every project's compose-file ${VAR} substitution resolves to attacker-supplied values.
Redirects image pulls (REGISTRY, IMAGE) to attacker-controlled registries, yielding supply-chain remote code execution on the Docker host running Arcane.
Exfiltrates secrets such as DATABASE_URL and SECRET_KEY by pointing them at attacker-controlled endpoints that other users' projects will then dial out to.
Disrupts availability of all projects on the instance by corrupting the shared variable set.

How HarborGuard Handles This

Available on HarborGuard: a patched-image rebuild at Arcane 1.19.2 for any environment running an affected version. Where compliance policy permits auto-remediation, the rebuild is produced, a regression-test run is executed against the customer's pipeline, and a PR is opened against affected workloads; median time from CVE publication to merged patch PR for high-severity issues like this one is around 90 minutes for environments with auto-remediation enabled. For environments that cannot upgrade immediately, compensating-control guidance is available: restrict the Arcane API to admin users at an ingress or network-policy layer, rotate any secrets referenced in .env.global, and audit recent writes to the global variables endpoint for unexpected changes to REGISTRY, IMAGE, DATABASE_URL, or SECRET_KEY values.

See how HarborGuard automates this

CVSS v3.1: 8.8
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

getarcaneapp / arcane
< 1.19.2

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

https://github.com/getarcaneapp/arcane/security/advisories/GHSA-jpjh-jm2p-39hh