CVE-2026-40118 | THREATINT

Description

UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the affected product to a dummy URL, the product may unintentionally communicate with the dummy domain, causing information disclosure.

PUBLISHED Reserved 2026-04-09 | Published 2026-04-16 | Updated 2026-04-16 | Assigner jpcert

MEDIUM: 6.3CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Problem types

Incorrectly specified destination in a communication channel

Product status

10.3

affected

References

support.arcserve.com/...ction.createDraftFromOnlineArticle=1

jvn.jp/en/jp/JVN88396700/

cve.org (CVE-2026-40118)

nvd.nist.gov (CVE-2026-40118)

Download JSON