HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Critical RCE in Unraid Web Server (CVE-2026-9773) Allows Authenticated Attackers to Execute Code

A command‑injection flaw (CVE‑2026‑9773) in Unraid OS lets attackers with valid credentials run arbitrary commands as www‑data. The issue is fixed in version 7.3.0, but unpatched installations remain at risk of data compromise and service disruption. For SOC 2‑compliant organizations, the vulnerability underscores the need for robust change‑management and continuous evidence of patching.

LiveThreat™ Intelligence · 📅 June 25, 2026· 📰 zerodayinitiative.com
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
3 recommended
📰
Source
zerodayinitiative.com

Unraid Web Server ToggleState Command Injection (CVE‑2026‑9773) Enables Remote Code Execution

What It Is — A command‑injection flaw in ToggleState.php of the Unraid web UI allows an authenticated attacker to run arbitrary system commands as the www‑data user.

Exploitability — CVSS 8.8 (AV:N/AC:L/PR:L/UI:N). A proof‑of‑concept exists; exploitation requires a valid Unraid login but no further privileges.

Affected Products — Unraid OS (all versions prior to 7.3.0 stable).

Why It Matters for Compliance & Audit Readiness

  • Control Mapping – The vulnerability highlights gaps in your configuration‑management and vulnerability‑remediation controls (SOC 2 CC6.1, CC6.2).
  • Continuous Evidence – Demonstrating timely patching and proof of remediation is essential audit evidence for a defensible SOC 2 report.
  • Enterprise Buyer Expectations – Prospects increasingly request proof that critical infrastructure is kept up‑to‑date; a missing patch can stall deals.

Recommended Actions

  • Verify your Unraid version; upgrade immediately to 7.3.0 stable or later.
  • Map the finding to SOC 2 Change Management and Vulnerability Management controls; record the remediation ticket and patch deployment as audit evidence.
  • Enable automated monitoring for future Unraid releases and integrate patch status into your continuous compliance dashboard.

Source: Zero Day Initiative Advisory ZDI‑26‑386

📰 Original Source
http://www.zerodayinitiative.com/advisories/ZDI-26-386/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →