Critical severity9.6NVD Advisory· Published Mar 31, 2025· Updated Apr 15, 2026

CVE-2025-29266

Description

Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if a container is running in Host networking mode with Use Tailscale enabled.

Patches

9b30af0fb1ed

https://github.com/unraid/webguivia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

docs.unraid.net/unraid-os/release-notes/7.0.1/nvd
edac.dev/security/CVE-2025-29266/nvd

News mentions

No linked articles in our index yet.

cvss	0.624
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000