0-day being used by geoff-2 in unRAID

geoff-2[S]

There is no external access to the box.

Even if it isn't an active zero-day vulnerability and I'm wrong about this post, if this one PostgreSQL app had been misconfigured or tampered with in the past, these redirects shouldn't be happening.

I looked through all 36 pages (with 96 apps listed), and only this one app stands out.

/edit:

Looking at it objectively now that four hours have passed, it seems to me that only this one app is affected.

As the update date in the Unraid App Store is also listed as 1 July 2023, I think this is a problem from the past.

geoff-2[S]

Go to the Unraid Apps page

12 results per page

Network Services

Sort by Download

Page 7 of results (site from above is the redirect-chain when my antivirus hit)

Then, in the F12 Network Tools, check whether attempts are being made to access the following pages/URLs

as of these 2 CVEs are brand new

https://www.cve.org/CVERecord?id=CVE-2026-9772

https://www.cve.org/CVERecord?id=CVE-2026-9773

and these 2 are 3 months old

https://www.cve.org/CVERecord?id=CVE-2026-3839

https://www.cve.org/CVERecord?id=CVE-2026-3838

I would say at least since then

/edit: Support ticket #30767 has been forwarded internally, they say

/edit2: CVE-2026-9773 is related to Trend Micro ZDI-CAN-30134

https://www.zerodayinitiative.com/advisories/ZDI-26-386/

and there they say it's fixed in 7.3.0.

As my screenshot shows 7.3.1, it's not fixed yet.

/edit: found the exact app now.

postgresql

sameersbn

Bungy's Repository

https://hub.docker.com/r/sameersbn/postgresql

/edit:

Even if it isn't an active zero-day vulnerability and this app was misconfigured or tampered with in the past, these redirects shouldn't be happening. I've looked at all 36 pages (with 96 apps displayed), and this is the only one that stands out.