
Unraid CVE-2020-5849

Severity: HIGH (CVSS 3.1 score 7.5)
Weakness: Incorrect Comparison (CWE-697)
Published: 2020-03-16 (cve@mitre.org)

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline (4 events)

Mar 17, 2026 - 20:45 (vuln.today): Analysis Generated
Mar 17, 2026 - 14:10 (cisa): Added to CISA KEV
Mar 17, 2026 - 14:10 (vuln.today): PoC Detected (public exploit code)
Mar 16, 2020 - 18:15 (nvd): CVE Published (HIGH 7.5)

Description (NVD)

Unraid 6.8.0 allows authentication bypass.

Analysis (AI)

Unraid 6.8.0 contains an authentication bypass vulnerability (CVE-2020-5849, CVSS 7.5, EPSS 93.8%) that allows remote attackers to bypass login protections. It is a companion to CVE-2020-5847 (RCE); together, the two vulnerabilities provide complete unauthenticated access and code execution on affected Unraid NAS systems.

Technical Context (AI)

The authentication mechanism in Unraid 6.8.0 contains an incorrect comparison (CWE-697) that allows attackers to bypass the login requirement. Combined with CVE-2020-5847 (unauthenticated RCE), it forms a complete attack chain against Unraid systems. Even organizations that have restricted management interface access may be vulnerable if the bypass can be triggered through unexpected paths.

Remediation (AI)

Update Unraid to a release later than 6.8.0. Never expose the management interface to the internet. Use a VPN for remote management.
