Synced 17 Jun 2026 22:27 UTC Account
← All products

Salt

SaltStack · Configuration management
↻ RSS feed
Monitors Salt and tailors your dashboard to that exact version.
all versions0/100 Critical · exploited

Summary iPlain-English security verdict for Salt, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.

Salt currently scores 0/100 — critical, with active exploitation. 3 of its known vulnerabilities are being actively exploited in the wild (CISA KEV), including CVE-2020-16846. Upgrade immediately and review your exposure to the actively-exploited CVEs below.

Disclosure trend iNew CVEs published for Salt each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.

'19
'20
'21
'22
'23
'24
'25
'26

Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.

Most urgent first — actively exploited, then likeliest to be exploited.

CVE-2020-16846 CRITICAL exploited OS command injection EPSS 100% → fixed in 3000.3 CVE-2020-11651 CRITICAL exploited EPSS 96% → fixed in 3000.2 CVE-2020-11652 MEDIUM exploited Path traversal EPSS 86% → fixed in 3000.2 CVE-2021-25282 CRITICAL Path traversal EPSS 92% → fixed in 3002.5 CVE-2021-25281 CRITICAL Improper authentication EPSS 73% → fixed in 3002.5 CVE-2021-3197 CRITICAL Injection EPSS 72% → fixed in 3002.5 CVE-2020-25592 CRITICAL Improper authentication EPSS 57% → fixed in 3000.3 CVE-2019-17361 CRITICAL Command injection EPSS 15% → see advisory CVE-2021-25283 CRITICAL Code injection EPSS 10% → fixed in 3002.5 CVE-2021-3148 CRITICAL Command injection EPSS 8% → fixed in 3002.5 CVE-2018-15751 CRITICAL Improper authentication EPSS 5% → fixed in 2018.3.3 CVE-2021-3144 CRITICAL CWE-613 EPSS 5% → fixed in 3002.5

See all 52 known Salt CVEs & security history →

Get alerted about Salt

Be emailed the moment Salt gets a newly exploited vulnerability (CISA KEV) or a release reaches end of life. Free · double opt-in · unsubscribe anytime.

We email only on real events for Salt — no marketing, no sharing, and we never know what you run. Track your whole stack →

Monitor up to 200 products — freeHit ☆ Monitor on anything you run, then sign in (no password) to sync your stack across devices and unlock smart insights, risk history & CSV/JSON exports. Sign in free →

Frequently asked

Is Salt safe and patched?

Salt currently scores 0/100 — critical, with active exploitation. 3 of its known vulnerabilities are being actively exploited in the wild (CISA KEV), including CVE-2020-16846. Upgrade immediately and review your exposure to the actively-exploited CVEs below.

What should I do about Salt now?

Review the patch-priority list, apply the available fixes (or move to the latest release), and confirm against SaltStack's official advisory. Some issues are under active exploitation, so treat this as urgent.

lifecycle unknown — needs latest supported version

Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against SaltStack's official advisory before you patch or upgrade — Salt official site ↗