What is CVE-2026-3838?

CVE-2026-3838 is a high-severity vulnerability in Unraid, classified under Path Traversal. CVSS score: 8.8/10. Published 2026-03-13.

How severe is CVE-2026-3838?

High severity. CVSS v3 base score is 8.8 out of 10.

Path Traversal in Unraid

CVE-2026-3838

Unraid Update Request Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. …

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.050 (89.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Unraid — versions 7.2.3

Weakness classification (CWE)

CWE-22 — Path Traversal

References

ZDI-26-171 (x_research-advisory)

Frequently asked questions

What is CVE-2026-3838?: CVE-2026-3838 is a high-severity vulnerability in Unraid, classified under Path Traversal. CVSS score: 8.8/10. Published 2026-03-13.
How severe is CVE-2026-3838?: High severity. CVSS v3 base score is 8.8 out of 10.