Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability

8.8 / 10

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability.

The specific flaw exists within FileUpload.php. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-30116.

AI Analysis

Unraid Web Server is vulnerable to a FileUpload Command Injection Remote Code Execution Vulnerability, allowing remote attackers to execute arbitrary code on affected installations of Unraid.

Basic Information

ID CVE-2026-9772

Source zdi

Published Jun 24, 2026 at 21:35

Affected Product

Vendor Unraid

Product Unraid

Version 1161ec120

Affected Versions Unraid Unraid 1161ec120

CWE Classification

CWE-78

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Unraid

Product Unraid Web Server

Version 1161ec120

References

www.zerodayinitiative.com /advisories/ZDI-26-385/

{
    "lastseen": "",
    "description": "Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within FileUpload.php. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-30116.",
    "published": "2026-06-24T21:35:27.773Z",
    "modified": "2026-06-24T21:35:27.773Z",
    "type": "cve",
    "title": "Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability",
    "source": "zdi",
    "references": "https://www.zerodayinitiative.com/advisories/ZDI-26-385/",
    "id": "CVE-2026-9772",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Unraid Unraid 1161ec120",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Unraid",
    "version": "1161ec120",
    "vendor": "Unraid",
    "ai_description": "Unraid Web Server is vulnerable to a FileUpload Command Injection Remote Code Execution Vulnerability, allowing remote attackers to execute arbitrary code on affected installations of Unraid.",
    "ai_severity": "High",
    "ai_vendor": "Unraid",
    "ai_product": "Unraid Web Server",
    "ai_version": "1161ec120",
    "ai_score": 8.8
}

Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability_CVE-2026-9772