CVE ID :CVE-2026-42461 Published : May 9, 2026, 4:16 a.m. | 1 hour, 28 minutes ago Description :Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.18.0, four GET endpoints under /api/templates* in Arcane's Huma backend are registered without any Security requirement, allowing any unauthenticated network client to list and read the full Compose YAML and .env content of every custom template stored in the instance. Because Arcane's UI exposes a