CVE-2026-45625 affects Arcane, a Docker container management interface, prior to version 1.19.0. The vulnerability allows any authenticated user to access admin-only GitOps repository management endpoints due to missing authorization checks. Eight of nine API endpoints under /api/customize/git-repositories and /api/git-repositories/sync fail to call the checkAdmin() function. Attackers can exploit this to list, create, modify, and delete git repository configurations. The most critical impact is credential exfiltration - attackers can redirect repository URLs to attacker-controlled hosts, causing Arcane to decrypt and send legitimate PAT/SSH keys as authentication, resulting in plaintext credential theft.