Cyber Resilience

CVE-2020-5847

CriticalCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 16 March 2020

Published
16 March 2020
Modified
17 March 2026
KEV Added
03 November 2021
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.9382 99.9th percentile
Risk Priority 96 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2020-5847 is a critical-severity an unspecified weakness vulnerability in Unraid Unraid. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 0.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2020-5847 is a remote code execution vulnerability affecting Unraid versions through 6.8.0. It carries a CVSS v3.1 base score of 9.8 and is classified under NVD-CWE-Other.

The flaw enables unauthenticated attackers to bypass authentication and achieve arbitrary code execution as root over the network. Public exploit code demonstrating the authentication bypass and code execution has been posted to PacketStorm.

Reference materials from Sysdream and the Unraid forums describe the issue as unauthenticated remote code execution as root in version 6.8.0, with additional technical analysis available at the listed URLs. No specific mitigation details such as patch versions or configuration changes are provided in the source data.

EU & UK References

Vulnerability details

Unraid through 6.8.0 allows Remote Code Execution.

CWE(s)
KEV Date Added
03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

unraid
unraid
≤ 6.8.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly blocks the unauthenticated authentication bypass and subsequent root-level code execution by enforcing access-control policy before any action is permitted.

prevent

Requires authenticated, authorized, and monitored remote-access paths, eliminating the open network vector used by the exploit.

prevent

Mandates prompt application of vendor patches that close the specific unauthenticated RCE flaw in Unraid ≤6.8.0.

References