Icewhale Casaos

7 CVEs affecting Icewhale Casaos. Latest disclosed: 2026-01-02. Critical: 4, High: 2.

Top CVEs affecting Icewhale Casaos
CVESeverityScorePublishedSummary
CVE-2023-37266Critical9.82023-07-17CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and…
CVE-2023-37265Critical9.82023-07-17CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as `root`…
CVE-2022-24193Critical9.82022-03-10CasaOS before v0.2.7 was discovered to contain a command injection vulnerability.
CVE-2024-24767Critical9.12024-03-06CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against pa…
CVE-2023-37469High8.82023-08-24CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled S…
CVE-2024-24765High7.52024-03-06CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not st…
CVE-2025-34171Medium5.32026-01-02CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and…