MEDIUM 6.3

CVE-2026-45626: Arcane Docker Management Command Injection Vulnerability

Arcane, a Docker management interface, contains a command injection vulnerability in its volume browsing feature. When authenticated users request to browse files within a Docker volume, the application constructs a shell command that includes user-supplied path input. Although the application attempts to block directory traversal attacks using `../`, it fails to remove shell metacharacters like `$()` and backticks. This oversight allows an attacker to inject arbitrary commands that execute within the Arcane helper container. The results of injected commands are returned in error messages, effectively giving attackers a channel to execute code and exfiltrate output.

Source data · NVD / CISA · public domain

CVSS
3.1 · 6.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Weaknesses (CWE)
CWE-78
Affected products
0 configuration(s)
Published / Modified
2026-05-29 / 2026-06-17

NVD description (verbatim)

Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/{id}/volumes/{volumeName}/browse accepts a path query parameter that is passed to a shell command (sh -c "find … | while …") inside an Arcane helper container. The path sanitiser blocks ../ traversal but does not strip Bourne-shell metacharacters such as $() or backticks, and strconv.Quote only escapes Go string metacharacters, not shell substitution sequences. Any authenticated user with access to a browseable volume can execute arbitrary commands inside the helper container; command output is reflected back in the 500 error body.

1 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

CVE-2026-45626 is a shell command injection vulnerability in Arcane 1.18.1 and earlier. The GET /environments/{id}/volumes/{volumeName}/browse endpoint accepts a path query parameter that is directly interpolated into a shell command executed via `sh -c "find … | while …"` within a helper container. The vulnerability exists in the parameter handling logic: while a path sanitiser blocks `../` traversal sequences, it does not remove Bourne shell metacharacters such as `$()` and backticks. Additionally, the use of `strconv.Quote` only escapes Go string delimiters and escape sequences, not shell substitution constructs. An authenticated attacker can inject shell metacharacters into the path parameter to execute arbitrary commands. Command output is reflected in HTTP 500 error responses, providing direct exfiltration of execution results. The attack requires authentication and knowledge of a browseable volume name, but is otherwise trivial to exploit once those conditions are met.

Business impact

This vulnerability enables authenticated users to execute arbitrary code within the Arcane helper container, potentially allowing attackers to access sensitive data, modify container configurations, or pivot to other Docker infrastructure components. Because the helper container operates within the Docker environment managed by Arcane, successful exploitation could lead to unauthorized access to volumes containing application data, credentials, or other sensitive artifacts. Organizations relying on Arcane for multi-tenant or multi-team Docker management face heightened risk if internal users or compromised accounts are leveraged to exploit this flaw. The ability to reflect command output in error responses reduces friction for attackers attempting to exfiltrate information covertly.

Affected systems

Arcane versions 1.18.1 and earlier are affected. Exploitation requires authentication and access to at least one browseable volume. Organizations running Arcane as part of their container management stack, particularly those with multiple users or service accounts accessing Docker environments, should prioritize assessment and patching of this issue.

Exploitability

Exploitability is moderate to high within organizational contexts where multiple authenticated users access Arcane. The vulnerability requires valid credentials but does not require elevated privileges beyond standard volume browsing access. No network segmentation or complex setup is required; the attack is executed via a straightforward HTTP GET request with a crafted path parameter. Proof-of-concept exploitation is straightforward for anyone with shell metacharacter knowledge. However, external threat actors must first compromise valid credentials to reach the endpoint. Internal threats or credential compromise scenarios present the highest risk.

Remediation

Organizations should upgrade Arcane to a version released after 1.18.1 that properly sanitizes shell metacharacters from user input before constructing shell commands. Verify against the vendor advisory for the specific patch version and availability timeline. As an interim mitigation, restrict access to the Arcane interface using network-level controls (firewalls, VPNs, or service meshes), implement strong authentication with MFA where possible, and monitor access logs for suspicious pattern of volume browsing requests followed by error responses.

Patch guidance

Monitor Arcane release notes and security advisories for patched versions addressing this command injection flaw. When patches become available, test them in a non-production environment to validate compatibility with your Docker configurations and dependent services. Apply patches to all instances of Arcane running version 1.18.1 or earlier. Prioritize instances exposed to multiple internal users or external network access. Verify the patch remediates the vulnerability by confirming that shell metacharacters in path parameters are properly escaped or sanitized in updated versions.

Detection guidance

Search logs for GET requests to /environments/*/volumes/*/browse endpoints with path parameters containing shell metacharacters such as `$()`, backticks, `$(`, `|`, `;`, `&`, or other Bourne shell special characters. Monitor for HTTP 500 responses from the browse endpoint, particularly when correlated with unusual path parameter values. Examine helper container logs for unexpected command execution or child process spawning. Use container runtime security tools to detect process spawning from the helper container that diverges from expected browse operation behavior. Correlate volume browsing access with user identity and baseline against normal usage patterns to identify anomalies.

Why prioritize this

Although assigned CVSS 3.1 score of 6.3 (MEDIUM), this vulnerability warrants prioritization due to its low barrier to exploitation for authenticated users, direct impact on container infrastructure, and potential for data exfiltration or lateral movement. The lack of exploit complexity and the ability to trivially craft malicious requests make this a practical target for insider threats or attackers with compromised credentials. Organizations with large numbers of Arcane users or shared Docker environments should treat this as high priority.

Risk score, explained

The CVSS 3.1 score of 6.3 reflects a MEDIUM severity vulnerability with network-based attack vector, low attack complexity, and a requirement for low-level privileges (authentication). Impact is limited to confidentiality, integrity, and availability of the affected container scope rather than the broader system. The score appropriately captures the need for authentication as a mitigating factor; however, organizations with permissive internal access policies or weak credential management should consider this vulnerability more severe in their context.

Frequently asked questions

Can this vulnerability be exploited without valid Arcane credentials?

No. The vulnerability requires authentication to access the `/environments/{id}/volumes/{volumeName}/browse` endpoint. However, once authenticated, any user with permission to browse a volume can inject commands. This makes credential compromise, insider threats, and weak access controls significant risk vectors.

What information can an attacker extract using this vulnerability?

Command output is returned in HTTP 500 error responses, allowing attackers to execute shell commands and receive results directly in the response body. This enables exfiltration of files, environment variables, process listings, and any data readable from within the helper container. The scope depends on the permissions and environment of the helper container itself.

Does the path sanitiser's block of `../` provide any protection against this attack?

The `../` filter only prevents directory traversal within the volume mount point. It does not stop shell metacharacter injection. Attackers can bypass the traversal restriction and still inject arbitrary commands using shell substitution syntax, rendering the path sanitiser ineffective against this specific vulnerability.

What is the difference between strconv.Quote escaping and proper shell escaping?

strconv.Quote escapes Go string delimiters and escape sequences but does not escape Bourne shell metacharacters like `$()`, backticks, or pipes. Proper shell escaping requires using functions specifically designed for shell contexts, such as `shlex.quote` in Python or similar functions in other languages. This mismatch is the root cause of the vulnerability.

This analysis is based on the published CVE description and CVSS vector. Verify all technical details, affected versions, and patch availability against the official Arcane security advisory and vendor communications. This document does not constitute a guarantee that the described vulnerability exists in all deployments or that the remediation steps will prevent all exploitation attempts. Security teams should conduct their own risk assessments tailored to their infrastructure, access controls, and threat models. No exploit code, weaponized proof-of-concept, or detailed attack execution steps are provided herein. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).