SaltStack

In October 2020, VMware acquired SaltStack. SaltStack helps customers automate ITOps, DevOps, NetOps or SecOps functions.


Products by SaltStack, sorted by most security vulnerabilities since 2018

SaltStack Salt: 38 vulnerabilities
SaltStack Salt 2018: 1 vulnerability
SaltStack Salt 2019: 1 vulnerability

Known Exploited SaltStack Vulnerabilities

The following SaltStack vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title: SaltStack directory traversal failure to sanitize untrusted input
CVE: CVE-2020-11652 (Exploit Probability: 94.3%)
Description: The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
Added: November 3, 2021

Title: SaltStack Salt Authentication Bypass
CVE: CVE-2020-11651 (Exploit Probability: 94.4%)
Description: The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication.
Added: November 3, 2021

Title: SaltStack Through 3002 Shell Injection Vulnerability
CVE: CVE-2020-16846 (Exploit Probability: 94.4%)
Description: An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
Added: November 3, 2021

Of the known exploited vulnerabilities above, 3 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings.

By the Year

In 2026 there have been 0 vulnerabilities in SaltStack. Last year, in 2025, SaltStack had 7 security vulnerabilities published. Right now, SaltStack is on track to have fewer security vulnerabilities in 2026 than it did last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 7 7.50
2024 2 0.00
2023 3 7.63
2022 5 7.78
2021 13 8.15
2020 6 8.98
2019 1 9.80
2018 2 7.55

It may take a day or so for new SaltStack vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent SaltStack Security Vulnerabilities

CVE-2024-38824 (Jun 13, 2025), Products: Salt
Title: Directory Traversal via recv_file Enables Arbitrary File Write to Master Cache
Description: Directory traversal vulnerability in the recv_file method allows arbitrary files to be written to the master cache directory.

CVE-2024-38823 (Jun 13, 2025), Products: Salt
Title: SaltStack Salt Request Server Replay Attack (No TLS)
Description: Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport.

CVE-2025-22236 (Jun 13, 2025), Products: Salt
Title: Salt Minion v>=3007.0 Event Bus Auth Bypass
Description: Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions (>= 3007.0).

CVE-2024-38822 (Jun 13, 2025), Products: Salt
Title: Salt Master Token Validation Bypass Enables Minion Impersonation
Description: Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion.

CVE-2025-22240 (Jun 13, 2025), Products: Salt
Title: SaltStack GitFS arbitrary file deletion via unvalidated tgt_env path
Description: Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the tgt_env variable. This can be exploited by an attacker to delete any file the Master's process has permissions to.

CVE-2024-38825 (Jun 13, 2025), Products: Salt
Title: SaltStack: pki Auth Allows Authentication Without Private Key
Description: The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.

CVE-2025-22242 (Jun 13, 2025), Products: Salt
Title: SaltStack Salt Master pub_ret Untrusted File Read DoS
Description: Worker process denial of service through a file read operation. A vulnerability exists in the Master's pub_ret method which is exposed to all minions. The un-sanitized input value jid is used to construct a path which is then opened for reading. An attacker could exploit this vulnerability by attempting to read from a filename that will not return any data, e.g. by targeting a pipe node on the proc file system.

CVE-2024-22232 (Jun 27, 2024), Products: Salt
Title: Directory Traversal in Salt File Server Enables Arbitrary File Read
Description: A specially crafted URL can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master's filesystem.

CVE-2024-22231 (Jun 27, 2024), Products: Salt
Title: Syndic cache dir traversal leads to arbitrary directory creation on Salt
Description: Syndic cache directory creation is vulnerable to a directory traversal attack in the salt project, which can allow a malicious attacker to create an arbitrary directory on a Salt master.

CVE-2023-20897 (Sep 05, 2023), Products: Salt
Title: SaltStack Salt 3005.2/3006.2 DoS via Minion Return
Description: Salt masters prior to 3005.2 or 3006.2 contain a DoS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).