CVE-2025-29266CRITICAL 9.6EPSS p28.6%

CVE-2025-29266CVE-2025-29266

Description

Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if a container is running in Host networking mode with Use Tailscale enabled.

Scoring

CVSS 3.19.6 (CRITICAL)
VectorCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS0.37% probability of exploitation · percentile 28.6% · 2026-06-18T12:00:27Z
Published2025-03-31
Last modified2026-04-15

Underlying weaknesses· 1

CWE-289

References

  1. https://docs.unraid.net/unraid-os/release-notes/7.0.1/
  2. https://edac.dev/security/CVE-2025-29266/
  3. https://github.com/unraid/webgui

1

TypeTargetConfidenceTier
WeaknessAuthentication Bypass by Alternate Namecwe-2890%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Unraid Authentication Bypass Vulnerability
CVE
Unraid Remote Code Execution Vulnerability
CVE
CVE-2026-44926
CVE
CVE-2026-34908
CVE
CVE-2025-25269
CVE
CVE-2026-43575
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.