CVE-2026-40118

Summary

UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the affected product to a dummy URL, the product may unintentionally communicate with the dummy domain, causing information disclosure.

Affected Software

VendorProductVersion RangeStatus
ArcserveUDP Console10.3affected

Weaknesses

  • CWE-941: Incorrectly specified destination in a communication channel

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References