Plattform
linux
Komponente
unraid
Behoben in
7.2.4
CVE-2026-3839 is a Path Traversal vulnerability discovered in Unraid, a network-attached storage (NAS) operating system. This flaw allows attackers to bypass authentication, granting them potential unauthorized access to the system. The vulnerability affects Unraid versions 7.2.3–7.2.3 and has been reported as ZDI-CAN-28912. A fix is available, and users are strongly advised to upgrade immediately.
The primary impact of CVE-2026-3839 is the ability for an attacker to bypass authentication entirely. This means an attacker can access Unraid's web interface and potentially execute commands without providing valid credentials. Successful exploitation could lead to data breaches, system compromise, and the installation of malicious software. The blast radius extends to any data stored on the Unraid NAS, including personal files, media libraries, and potentially sensitive business data. This vulnerability shares similarities with other authentication bypass flaws where lack of input validation allows attackers to manipulate paths and gain unauthorized access.
CVE-2026-3839 was publicly disclosed on 2026-03-13. The vulnerability is considered to have a medium probability of exploitation due to its authentication bypass nature and the potential for easy exploitation. No public proof-of-concept (PoC) code has been released at the time of writing, but the vulnerability's simplicity suggests that a PoC could emerge quickly. It is not currently listed on the CISA KEV catalog.
Organizations and individuals utilizing Unraid NAS devices, particularly those with exposed web interfaces or limited network segmentation, are at risk. Shared hosting environments where multiple users share an Unraid server are especially vulnerable, as a compromise of one user's account could potentially lead to broader system access.
• linux / server:
journalctl -u unraid | grep -i "auth-request.php"• linux / server:
ps aux | grep -i "unraid"• generic web:
Use curl to test the /auth-request.php endpoint with various path traversal payloads (e.g., ../etc/passwd).
curl http://<unraid_ip>/auth-request.php?file=../../../../etc/passwddisclosure
Exploit-Status
EPSS
0.40% (60% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2026-3839 is to upgrade to a patched version of Unraid as soon as it becomes available. Until the upgrade is possible, consider implementing temporary workarounds to reduce the attack surface. Restricting network access to the Unraid NAS by limiting inbound connections to only necessary ports can help. Closely monitor authentication logs for suspicious activity, such as unusual login attempts or access patterns. Implement a Web Application Firewall (WAF) to filter malicious requests targeting the authentication endpoint. While a specific Sigma or YARA rule may not be available, generic rules for path traversal attempts can be applied.
Unraid auf eine Version aktualisieren, die neuer als 7.2.3 ist und die Pfad-Traversal-Schwachstelle in der Datei auth-request.php behebt. Weitere Details zur Aktualisierung finden Sie in den Versionshinweisen.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2026-3839 is a Path Traversal vulnerability in Unraid versions 7.2.3–7.2.3 that allows attackers to bypass authentication and potentially gain unauthorized access to the system.
If you are running Unraid version 7.2.3–7.2.3, you are potentially affected by this vulnerability. Upgrade to the latest available version as soon as possible.
The recommended fix is to upgrade Unraid to a patched version. Until the upgrade is complete, restrict network access and monitor authentication logs.
There is currently no confirmed active exploitation, but the vulnerability's nature makes it a potential target. Monitor your systems closely.
Refer to the official Unraid security advisory for detailed information and updates regarding CVE-2026-3839.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.