CVE-2026-3838 in Unraidinformação

Sumário

de MITRE • 16/03/2026

Unraid Update Request Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability.

The specific flaw exists within the update.php file. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-28951.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Divulgação

16/03/2026

Moderação

aceite

Entrada

VDB-350264

CPE

pronto

CWE

CWE-22 (confirmado)

CVSS

8.8 (CNA)

EPSS

0.04967

KEV

não

Atividades

muito baixo

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-3838
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-3838
CVE Details	https://www.cvedetails.com/cve/CVE-2026-3838/

◂ Voltar Visão Geral Próximo ▸

Interested in the pricing of exploits?

See the underground prices here!