Skip to main content

Arcane CVE-2026-47179

| EUVDEUVD-2026-33369 HIGH
Path Traversal (CWE-22)
2026-05-28 https://github.com/getarcaneapp/arcane GHSA-c3px-h233-h6fq
7.7
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.7 HIGH
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Source Code Evidence Fetched
May 28, 2026 - 23:20 vuln.today
Analysis Generated
May 28, 2026 - 23:20 vuln.today
CVE Published
May 28, 2026 - 22:39 nvd
HIGH 7.7

DescriptionGitHub Advisory

Summary

ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because ProjectService.CreateProject writes attacker-supplied compose content to disk without validating include paths, an authenticated user can create a project whose compose file declares include: ['../../../../etc/passwd'], then read the include via the project file API. The result is arbitrary read of any file readable by the Arcane backend process, including /app/data/arcane.db (the SQLite database containing every user's password hash and API key), enabling escalation to admin and, via Arcane's Docker control plane, RCE on the host.

Details

Root cause #1 - CreateProject writes compose content without validation (backend/internal/services/project_service.go:1605-1644):

go
func (s *ProjectService) CreateProject(ctx context.Context, name, composeContent string, envContent *string, user models.User) (*models.Project, error) {
    // ... directory setup ...
    if err := projects.SaveOrUpdateProjectFiles(projectsDirectory, projectPath, composeContent, envContent); err != nil {
        _ = s.db.WithContext(ctx).Delete(proj).Error
        return nil, fmt.Errorf("failed to save project files: %w", err)
    }
    // ...
}

Compare with UpdateProject (project_service.go:2494, :2577), which calls validateComposeContentForUpdate. That validator (line 2599) loads the compose with missingIncludeStubResourceLoaderInternal, which calls ValidateIncludePathForWrite (includes.go:139) and rejects includes outside the project directory. CreateProject bypasses this entirely, so any malicious include: array survives to disk.

Root cause #2 - GetProjectFileContent reads include files before path validation (backend/internal/services/project_service.go:831-872):

go
includes, parseErr := projects.ParseIncludes(composeFile, envMap, true)
if parseErr == nil {
    for _, inc := range includes {
        if inc.RelativePath == relativePath {
            return project.IncludeFile{
                Path:         inc.Path,
                RelativePath: inc.RelativePath,
                Content:      inc.Content,    // <-- arbitrary file content returned here
            }, nil
        }
    }
}

fullPath := filepath.Join(proj.Path, relativePath)
// ... IsSafeSubdirectory check at line 870 - never reached when include matches ...

Root cause #3 - ParseIncludes reads include files from anywhere by design (backend/pkg/projects/includes.go:24-72):

go
// Security Model for Include Files:
// - READ: Docker Compose allows include files from anywhere (parent dirs, absolute paths, etc.)
//         We allow reading from any path to maintain compatibility with standard Docker Compose behavior
// - WRITE/DELETE: Restricted to files within the project directory only for security

parseIncludeItemInternal at includes.go:97-101 builds fullPath = filepath.Clean(filepath.Join(baseDir, includePath)) and os.ReadFile(fullPath) at line 105 - no containment check. The returned RelativePath (line 124) is filepath.ToSlash(filepath.Clean(includePath)), which preserves ../../../../etc/passwd verbatim for the equality match in GetProjectFileContent.

Authorization surface: The handler GET /api/environments/{id}/projects/{projectId}/file (backend/internal/huma/handlers/projects.go:268-279) and POST /api/environments/{id}/projects (line 242-253) only declare BearerAuth/ApiKeyAuth. There is no admin-role gate on either handler - GetProjectFile (line 582) and CreateProject (line 524) simply call humamw.GetCurrentUserFromContext. The default user role assigned in users.go:223 is "user" (not admin), and that role is sufficient to exploit.

Resulting primitive: arbitrary read of any file readable by the Arcane backend process (uid/gid of the container). Sensitive targets include /app/data/arcane.db (SQLite containing argon2 password hashes and API keys for every user), /app/data/secrets/*, mounted host configuration, SSH keys (if mounted), and Docker socket-adjacent secrets.

Impact

  • Arbitrary file read as the Arcane backend process for any authenticated user, including users with the lowest-privilege "user" role.
  • Credential disclosure: arcane.db contains argon2 password hashes for every account (including admins) and API key material - supports offline cracking and direct token exfiltration.
  • Privilege escalation: a "user"-role attacker can recover or replay admin credentials, then exercise full Arcane functionality (Docker container/exec/volume control), which on a typical deployment with the host Docker socket mounted is host RCE.
  • Configuration / secret exposure: any environment files, OIDC client secrets, registry credentials, or files mounted into the container are reachable.
  • The scope crosses the security authority of other user accounts (S:C), since one authenticated user reads credentials belonging to other users and to the admin.

AnalysisAI

Authenticated arbitrary file read in Arcane (Docker management UI) versions ≤ 1.19.3 allows any low-privileged user to read any file accessible to the backend process by abusing Docker Compose include: directives. Because CreateProject skips include-path validation that UpdateProject enforces, an attacker can register a project whose compose file points at /etc/passwd or /app/data/arcane.db, then fetch the contents via the project file API - yielding stored password hashes and API keys for all users, enabling admin takeover and host RCE through Arcane's Docker control plane. No public exploit identified at time of analysis; vendor patch is available in 1.19.4.

Technical ContextAI

Arcane is a Go-based Docker/Compose management application (package github.com/getarcaneapp/arcane/backend) that lets authenticated users define Compose projects through its API. Docker Compose supports an include: directive for composing fragments from other files; Arcane intentionally allows includes to be read from arbitrary paths to preserve Compose compatibility, while restricting writes to within the project directory. The vulnerability is a classic CWE-22 (Path Traversal): ProjectService.CreateProject (project_service.go:1605) writes attacker-controlled compose YAML to disk without invoking the validateComposeContentForUpdate / ValidateIncludePathForWrite checks used by UpdateProject. ProjectService.GetProjectFileContent (project_service.go:831) then invokes projects.ParseIncludes, which performs os.ReadFile(filepath.Clean(filepath.Join(baseDir, includePath))) with no containment check (includes.go:97-105), and returns the file contents to the caller before the IsSafeSubdirectory guard at line 870 is ever reached. The RelativePath of the include preserves the traversal sequence verbatim, allowing the equality match in the handler to succeed.

RemediationAI

Vendor-released patch: upgrade Arcane backend to 1.19.4 or later, which adds validateComposeContentForUpdate enforcement to CreateProject and routes include reads through a new readProjectIncludeFileContentInternal helper that calls ValidateIncludePathForWrite, filepath.EvalSymlinks, and IsSafeSubdirectory before returning file content (commit https://github.com/getarcaneapp/arcane/commit/b6cbffabf61dbc3f12a28d3b5830e3c6b7e67daf; advisory https://github.com/getarcaneapp/arcane/security/advisories/GHSA-c3px-h233-h6fq). If immediate upgrade is not possible, compensating controls include: disabling self-registration and rotating all Arcane account passwords and API keys (the arcane.db may already have been exfiltrated - assume compromise if exposed); restricting network access to the Arcane API to trusted operators only via reverse-proxy ACLs or VPN (eliminates anonymous account creation paths but does not stop insider abuse); removing the host Docker socket mount where feasible to break the disclosure→RCE chain (cost: loses container-management functionality); and auditing access logs for POST /api/environments/*/projects followed by GET /api/environments/*/projects/*/file requests with traversal sequences in the path. After upgrading, rotate every password hash and API key stored in arcane.db because prior reads cannot be retroactively detected.

More in Docker

View all
CVE-2024-55964 CRITICAL POC
9.8 Mar 26

An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl

CVE-2019-5736 HIGH POC
8.6 Feb 11

runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac

CVE-2023-32077 HIGH POC
7.5 Aug 24

Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2023-5815 HIGH POC
8.1 Nov 22

The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post

CVE-2014-9357 CRITICAL
10.0 Dec 16

Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build

CVE-2026-34156 CRITICAL POC
9.9 Mar 30

Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l

CVE-2019-15752 HIGH POC
7.8 Aug 28

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c

CVE-2025-34221 CRITICAL POC
10.0 Sep 29

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2

CVE-2024-23054 CRITICAL POC
9.8 Feb 05

An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du

CVE-2025-23211 CRITICAL POC
9.9 Jan 28

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve

CVE-2026-46339 CRITICAL POC
10.0 May 19

Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at

Share

CVE-2026-47179 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy