CVE-2020-5849

HIGH
2020-03-16 [email protected]
7.5
CVSS 3.1
CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

4
Analysis Generated: Mar 17, 2026 - 20:45 (vuln.today)
PoC Detected: Mar 17, 2026 - 14:10 (vuln.today), public exploit code
Added to CISA KEV: Mar 17, 2026 - 14:10 (cisa)
CVE Published: Mar 16, 2020 - 18:15 (nvd), HIGH 7.5

Description

Unraid 6.8.0 allows authentication bypass.

Analysis

Unraid 6.8.0 contains an authentication bypass vulnerability (CVE-2020-5849, CVSS 7.5, EPSS 93.8%) that allows remote attackers to bypass login protections. It is a companion to CVE-2020-5847 (RCE); together, the two vulnerabilities provide complete unauthenticated access and code execution on affected Unraid NAS systems.

Technical Context

The authentication mechanism in Unraid 6.8.0 contains an incorrect comparison (CWE-697) that allows attackers to bypass the login requirement. Combined with CVE-2020-5847 (unauthenticated RCE), it forms a complete attack chain against Unraid systems. Even organizations that have restricted management interface access may be vulnerable if the bypass can be triggered through unexpected paths.

Affected Products

Unraid 6.8.0

Remediation

Update Unraid beyond 6.8.0. Never expose the management interface to the internet. Implement a VPN for remote management.

Priority Score

201
KEV: +50
EPSS: +93.8
CVSS: +38
POC: +20
