What is the CVSS score of CVE-2020-5849?

CVE-2020-5849 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 93.8%.

Which versions of Unraid are affected by CVE-2020-5849?

Organizations using Unraid 6.8.0 face notable risk from CVE-2020-5849 rated CVSS 7.5. Exploitation could compromise the security of affected deployments.

Is there a public PoC exploit available for CVE-2020-5849?

Yes, a public proof-of-concept exploit is available for CVE-2020-5849. Prioritise patching immediately. EPSS: 93.8%.

How to fix or mitigate CVE-2020-5849?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Monitor vendor channels for patch availability.

Unraid CVE-2020-5849

HIGH

Incorrect Comparison (CWE-697)

2020-03-16 cve@mitre.org

Authentication Bypass Unraid

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 17, 2026 - 20:45 vuln.today

Added to CISA KEV

Mar 17, 2026 - 14:10 cisa

CISA KEV

PoC Detected

Mar 17, 2026 - 14:10 vuln.today

Public exploit code

CVE Published

Mar 16, 2020 - 18:15 nvd

HIGH 7.5

DescriptionCVE.org

Unraid 6.8.0 allows authentication bypass.

AnalysisAI

Unraid 6.8.0 contains an authentication bypass vulnerability (CVE-2020-5849, CVSS 7.5, EPSS 93.8%) that allows remote attackers to bypass login protections. Companion to CVE-2020-5847 (RCE), these two vulnerabilities together provide complete unauthenticated access and code execution on affected Unraid NAS systems.

Technical ContextAI

The authentication mechanism in Unraid 6.8.0 contains an incorrect comparison (CWE-697) that allows attackers to bypass the login requirement. Combined with CVE-2020-5847 (unauthenticated RCE), these form a complete attack chain against Unraid systems. Even organizations that have restricted management interface access may be vulnerable if the bypass can be triggered through unexpected paths.

RemediationAI

Update Unraid beyond 6.8.0. Never expose management interface to the internet. Implement VPN for remote management.

CVE-2020-5849 vulnerability details – vuln.today

Back

Unraid CVE-2020-5849

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code