CVE-2026-3838 in Unraidالمعلومات

الملخص

بحسب MITRE • 16/03/2026

Unraid Update Request Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability.

The specific flaw exists within the update.php file. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-28951.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

إفشاء

16/03/2026

الاعتدال

تمت الموافقة

إدخال

VDB-350264

CPE

جاهز

CWE

CWE-22 (مؤكد)

CVSS

8.8 (CNA)

EPSS

0.04967

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-3838
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-3838
CVE Details	https://www.cvedetails.com/cve/CVE-2026-3838/

التالي ▸نظرة عامة ◂ السابق

Do you know our Splunk app?

Download it now for free!