CVE-2026-40118

MEDIUM 6.3

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

0th

UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the affected product to a dummy URL, the product may unintentionally communicate with the dummy domain, causing information disclosure.

Vendor	arcserve
Product	udp console
Published	Apr 16, 2026
Last Updated	Apr 16, 2026

Stay Ahead of the Next One

Get instant alerts for arcserve udp console

Be the first to know when new medium vulnerabilities affecting arcserve udp console are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected Versions

Arcserve / UDP Console

10.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

support.arcserve.com: https://support.arcserve.com/s/article/P00003790?language=en_US&r=94&ui-knowledge-components-aura-actions.KnowledgeArticleVersionCreateDraftFromOnlineAction.createDraftFromOnlineArticle=1 jvn.jp: https://jvn.jp/en/jp/JVN88396700/