PT-2026-48360

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

EUVD-2026-35350

A cross-site scripting XSS vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QTS...

CVE-2025-47205

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

PT-2026-7574

Name of the Vulnerable Software and Affected Versions QNAP QTS versions prior to 5.2.8.3350 build 20251216 QNAP QuTS hero h5.3.2 versions prior to h5.3.2.3354 build 20251225 QNAP QuTS hero h5.2.8 versions prior to h5.2.8.3350 build 20251216 Description A flaw exists that allows remote attackers t...

Qnap QTS and QuTS hero NULL Pointer Dereference (CVE-2025-53414)

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

Qnap QTS and QuTS hero Improper Limitation of a Pathname to a Restricted Directory (CVE-2023-51364)

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions:...

CVE-2023-45041

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

CVE-2025-53596

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

CVE-2025-53414

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

CVE-2025-53591

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerabili...

CVE-2025-52430

CVE-2025-52430 is a NULL pointer dereference vulnerability affecting QNAP QTS and QuTS hero. The issue allows a remote attacker who has an administrator account to trigger a denial-of-service (DoS). Affected versions are older QTS and QuTS hero builds; fixes are available in QTS 5.2.7.3256 (build...

CVE-2025-52426 QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

PT-2026-1078

Name of the Vulnerable Software and Affected Versions QNAP versions prior to QTS 5.2.7.3256 build 20250913 QNAP versions prior to QuTS hero h5.2.7.3256 build 20250913 QNAP versions prior to QuTS hero h5.3.1.3250 build 20250912 Description A NULL pointer dereference issue exists in QNAP operating...

PT-2026-1087

Name of the Vulnerable Software and Affected Versions QNAP versions prior to 5.2.7.3256 build 20250913 QuTS hero versions prior to 5.2.7.3256 build 20250913 QuTS hero versions prior to 5.3.1.3250 build 20250912 Description An out-of-bounds read issue exists in QNAP operating systems. A remote...

PT-2026-1072

Name of the Vulnerable Software and Affected Versions QNAP QTS versions prior to 5.2.7.3256 build 20250913 QNAP QuTS hero h5.2.7 versions prior to 5.2.7.3256 build 20250913 QNAP QuTS hero h5.3.1 versions prior to 5.3.1.3250 build 20250912 Description A NULL pointer dereference issue exists in QNA...

PT-2026-1082

Name of the Vulnerable Software and Affected Versions QNAP versions prior to QTS 5.2.7.3256 build 20250913 QNAP versions prior to QuTS hero h5.2.7.3256 build 20250913 QNAP versions prior to QuTS hero h5.3.1.3250 build 20250912 Description A use of externally-controlled format string vulnerability...

CVE-2025-62848

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build...

CVE-2025-62848

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build...

CVE-2025-62847

An improper neutralization of argument delimiters in a command vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to alter execution logic. We have already fixed the vulnerability in the following versions: QTS...

CVE-2025-62847

An improper neutralization of argument delimiters in a command vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to alter execution logic. We have already fixed the vulnerability in the following versions: QTS...