Product
Arcane versions before 1.18.0 are vulnerable to an unauthenticated information disclosure on four GET endpoints under `/api/templates*`, allowing unauthorized access to Compose YAML and `.env` content including sensitive secrets.