{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T13:53:15.675","vulnerabilities":[{"cve":{"id":"CVE-2026-3838","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2026-03-16T14:19:52.877","lastModified":"2026-03-17T14:18:58.587","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Unraid Update Request Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the update.php file. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-28951."},{"lang":"es","value":"Vulnerabilidad de salto de ruta y ejecución remota de código en la solicitud de actualización de Unraid. Esta vulnerabilidad permite a atacantes remotos ejecutar código arbitrario en instalaciones afectadas de Unraid. La autenticación es necesaria para explotar esta vulnerabilidad.\n\nLa falla específica existe dentro del archivo update.php. El problema se debe a la falta de validación adecuada de una ruta proporcionada por el usuario antes de usarla en operaciones de archivo. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código en el contexto de root. Fue ZDI-CAN-28951."}],"metrics":{"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:unraid:unraid:7.2.3:*:*:*:*:*:*:*","matchCriteriaId":"D95356E9-EA87-443B-938B-89188AAB478B"}]}]}],"references":[{"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-171/","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory"]}]}}]}