Icewhale Casaos
7 CVEs affecting Icewhale Casaos. Latest disclosed: 2026-01-02. Critical: 4, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-37266 | Critical | 9.8 | 2023-07-17 | CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and… |
CVE-2023-37265 | Critical | 9.8 | 2023-07-17 | CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as `root`… |
CVE-2022-24193 | Critical | 9.8 | 2022-03-10 | CasaOS before v0.2.7 was discovered to contain a command injection vulnerability. |
CVE-2024-24767 | Critical | 9.1 | 2024-03-06 | CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against pa… |
CVE-2023-37469 | High | 8.8 | 2023-08-24 | CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled S… |
CVE-2024-24765 | High | 7.5 | 2024-03-06 | CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not st… |
CVE-2025-34171 | Medium | 5.3 | 2026-01-02 | CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and… |