CVE-2026-40118

· NIST NVD ↗

UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the affected product to a dummy URL, the product may unintentionally communicate with the dummy domain, causing information disclosure.

MEDIUM
CVSS severity
6.3
CVSS base score
2026-04-16
Published

CWE codes

CWE-941

Sources