CVE-2026-27797
📋 TL;DR
Homarr dashboard versions before 1.54.0 contain an unauthenticated Server-Side Request Forgery (SSRF) vulnerability that allows attackers to force the server to make arbitrary HTTP requests. This can be used to access internal network resources from the Homarr host's network context. All Homarr instances running vulnerable versions are affected.
💻 Affected Systems
- Homarr
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access sensitive internal services, exfiltrate data, or pivot to other systems within the Homarr host's network.
Likely Case
Internal network reconnaissance, accessing internal APIs or services, and potential data exposure from internal systems.
If Mitigated
Limited impact if network segmentation restricts Homarr's outbound access and internal services require authentication.
🎯 Exploit Status
SSRF vulnerabilities typically have low exploitation complexity, especially when unauthenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.54.0
Vendor Advisory: https://github.com/homarr-labs/homarr/security/advisories/GHSA-vwqf-2f4m-2cq2
Restart Required: Yes
Instructions:
1. Stop Homarr service. 2. Update to version 1.54.0 using your deployment method (Docker, manual, etc.). 3. Restart Homarr service.
🔧 Temporary Workarounds
Network Restriction
allRestrict Homarr's outbound network access to only required destinations
Use firewall rules to block Homarr from accessing internal networks
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Homarr from sensitive internal networks
- Deploy a web application firewall (WAF) with SSRF protection rules
🔍 How to Verify
Check if Vulnerable:
Check Homarr version in dashboard settings or via APICheck Version:
Check Homarr web interface settings or container image tagVerify Fix Applied:
Confirm version is 1.54.0 or later in dashboard settings📡 Detection & Monitoring
Log Indicators:
- Unusual outbound HTTP requests from Homarr server
- Requests to internal IP addresses or unusual domains
Network Indicators:
- Homarr server making unexpected HTTP requests to internal networks
SIEM Query:
source="homarr" AND (dest_ip=10.0.0.0/8 OR dest_ip=172.16.0.0/12 OR dest_ip=192.168.0.0/16)