CVE-2020-16846CISA KEVEPSS p99.9%

CVE-2020-16846SaltStack Salt Shell Injection Vulnerability

SaltStack / Salt

Description

SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users running the Salt API.

Scoring

EPSS99.59% probability of exploitation · percentile 99.9% · 2026-06-15T12:03:41Z

CISA KEV entry

Added to KEV: 2021-11-03

(incoming)1

TypeTargetConfidenceTier
KEVEntrySaltStack Salt Shell Injection Vulnerabilitykev-cve-2020-168460%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
SaltStack Salt Authentication Bypass Vulnerability
CVE
SaltStack Salt Path Traversal Vulnerability
CVE
CVE-2022-46169
CVE
CVE-2026-41478
CVE
CVE-2025-22239
CVE
Apache Kylin OS Command Injection Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.