SaltStack Discloses Two Critical Vulnerabilities in Salt...

SaltStack Discloses Two Critical Vulnerabilities in Salt Framework (CVE-2020-16846, CVE-2020-25592)

On November 3, SaltStack published an advisory detailing three vulnerabilities discovered in Salt, a management framework used in data centers and cloud environments as a tool to configure, monitor and update systems.

CVE-2020-16846 | High or Critical
CVE-2020-25592 | High or Critical
CVE-2020-17490 | Low

Of the three vulnerabilities disclosed, two are rated as high or critical by the SaltStack team. These critical vulnerabilities include a shell injection flaw and an improper authentication vulnerability.

Earlier this year, SaltStack disclosed a pair of vulnerabilities in the Salt framework that were quickly exploited in the wild just days after patches became available.

For more information about these vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.

Cyber Exposure Alerts

Vulnerability Watch

Forum Discussion

SaltStack Discloses Two Critical Vulnerabilities in Salt...

Recent Discussions

Cyber Retaliation: Analyzing Iranian Cyber Activity Following Operation Epic Fury

Microsoft’s March 2026 Patch Tuesday Addresses 83 CVEs

Microsoft’s February 2026 Patch Tuesday Addresses 54 CVEs (CVE-2026-21510, CVE-2026-21513)

CVE-2026-20127: Cisco Catalyst SD-WAN Controller/Manager Zero-Day Exploited in the Wild

Frequently Asked Questions About Notepad++ Supply Chain Compromise

Americas

Europe

Asia / Australia