Platform
linux
Component
unraid
Fixed in
7.2.4
CVE-2026-3839 is a Path Traversal vulnerability discovered in Unraid, a network-attached storage (NAS) operating system. This flaw allows attackers to bypass authentication, granting them potential unauthorized access to the system. The vulnerability affects Unraid versions 7.2.3–7.2.3 and has been reported as ZDI-CAN-28912. A fix is available, and users are strongly advised to upgrade immediately.
The primary impact of CVE-2026-3839 is the ability for an attacker to bypass authentication on an Unraid server. Because authentication is not required to exploit this vulnerability, any user with network access to the server could potentially exploit it. Successful exploitation could lead to unauthorized access to sensitive data stored on the NAS, including user credentials, configuration files, and personal files. The attacker could also modify system settings, install malware, or use the compromised server as a launchpad for further attacks within the network. This vulnerability shares similarities with other authentication bypass flaws where lack of input validation allows attackers to manipulate file paths.
CVE-2026-3839 was publicly disclosed on 2026-03-13. The vulnerability is tracked as ZDI-CAN-28912. There is currently no indication of active exploitation campaigns targeting this vulnerability, but the lack of authentication requirement makes it a potentially attractive target. The vulnerability has been added to the CISA KEV catalog, indicating a medium probability of exploitation. Public proof-of-concept code is not yet available, but the vulnerability's nature suggests it could be easily exploited.
Exploit Status
EPSS
0.40% (60% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-3839 is to upgrade Unraid to a patched version as soon as it becomes available. Until the upgrade can be performed, consider implementing temporary workarounds to reduce the attack surface. Restrict network access to the Unraid server by using firewalls to limit inbound connections to only necessary ports. Closely monitor authentication logs for suspicious activity, such as unexpected login attempts or access to sensitive files. Consider implementing a Web Application Firewall (WAF) to filter malicious requests targeting the authentication endpoint. After upgrading, confirm the vulnerability is resolved by attempting to access restricted resources without authentication.
Update Unraid to a version later than 7.2.3 that fixes the path traversal vulnerability in the auth-request.php file. Consult the release notes for more details about the update.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-3839 is a Path Traversal vulnerability in Unraid versions 7.2.3–7.2.3 that allows attackers to bypass authentication and potentially gain unauthorized access to the system.
If you are running Unraid version 7.2.3–7.2.3, you are potentially affected by this vulnerability. Upgrade to the latest available version as soon as possible.
The recommended fix is to upgrade Unraid to a patched version. Until the upgrade is complete, restrict network access and monitor authentication logs.
There is currently no confirmed active exploitation, but the vulnerability's nature makes it a potential target. Monitor your systems closely.
Refer to the official Unraid security advisory for detailed information and updates regarding CVE-2026-3839.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.