CVE-2020-5847
Unraid Remote Code Execution Vulnerability
CVSS
—
No CVSS
EPSS
95.8%
p100
KEV
YES
Nov 3, 2021
Exploit Today
80
0-100
Published: — · Last modified: —
95.8%EPSS · 30 days95.8%
2026-06-302026-07-16
Product
Unraid / Unraid
Vulnerability
Unraid Remote Code Execution Vulnerability
Added to KEV
Nov 3, 2021
Remediate by
May 3, 2022
Known ransomware use
No
Summary description
Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-5847
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2020-5849—99.8%
KEV—80Unraid Authentication Bypass Vulnerability—