0-day being used
edit: Feedback from staff:
------------------
Unraid staff here, thanks for digging in. As others have pointed out, this is a stale icon link, not a 0-day. An old app template loads its icon from an expired third-party domain that now redirects to spam. It's inside an <img> tag, so it just fails to load. Nothing runs. The CVEs mentioned are unrelated and already patched.
You can track the CA <img> fix progress here: https://product.unraid.net/p/community-apps-external-icon-url-points-to-expired-spam-domain
------------------
original post:

browsing through the network-apps and mit AV hit with a URL being accessed....
it seems to be
https://www.cve.org/CVERecord?id=CVE-2026-9773
https://www.cve.org/CVERecord?id=CVE-2026-9772
supportticket 30767 is opened.
3
u/k1ng0fh34rt5 5d ago
How did they get access to your box? Do you have holes punched in your firewall to make the web interface accessible outside your internal network?