CVE-2026-24717

CVE-2026-24717 describes a path traversal vulnerability affecting several QNAP operating system versions. The issue allows an administrator (needs admin privileges) to read unexpected files or system data through a path traversal flaw. Affected products include QTS and QuTS hero lines, with fixed...

QNAP Systems QTS和QNAP Systems QuTS hero 操作系统命令注入漏洞

QNAP Systems QTS and QNAP Systems QuTS Hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both products have an operating system command injection vulnerability. This vulnerability stems from command injection, which...

CVE-2025-66274

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

CVE-2025-66277

CVE-2025-66277 is a high-severity, network-exploitable vulnerability in several QNAP OS platforms where a crafted link can enable filesystem traversal to unintended locations. The CVE lists a root cause related to path traversal within a link-following component and indicates a modified impact on...

PT-2026-7573

Name of the Vulnerable Software and Affected Versions QNAP versions prior to QuTS hero h5.3.2.3354 build 20251225 Description A flaw exists where a remote attacker with administrator privileges can trigger a denial-of-service DoS condition through a NULL pointer dereference. Recommendations Updat...

Qnap QTS and QuTS hero NULL Pointer Dereference (CVE-2025-53592)

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following...

CVE-2025-53591

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerabili...

CVE-2025-52863

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS...

PT-2026-1085

Name of the Vulnerable Software and Affected Versions QNAP versions prior to 5.2.7.3256 build 20250913 QuTS hero versions prior to 5.2.7.3256 build 20250913 QuTS hero versions prior to 5.3.1.3250 build 20250912 Description A NULL pointer dereference issue exists in QNAP operating systems...

CVE-2025-62847

CVE-2025-62847 is an actual, documented vulnerability affecting QNAP QTS and QuTS hero. It is described as an improper neutralization of argument delimiters in a command, enabling an attacker to alter execution logic on affected systems. Fixed versions are QTS 5.2.7.3297 build 20251024 and later,...

PT-2025-51363

Name of the Vulnerable Software and Affected Versions QNAP versions prior to QTS 5.2.7.3297 build 20251024 QNAP versions prior to QuTS hero h5.2.7.3297 build 20251024 QNAP versions prior to QuTS hero h5.3.1.3292 build 20251024 Description An authentication bypass allows unauthorized access to...

Qnap QTS and QuTS hero Use of Externally-Controlled Format String (CVE-2024-50401)

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the...

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27558)

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27562)

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27738)

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

EUVD-2025-27788

Malicious code in bioql PyPI...

CVE-2025-52858

CVE-2025-52858 is a NULL pointer dereference affecting QNAP QTS and QuTS hero. The vulnerability could allow a remote attacker with an administrator account to trigger a denial-of-service (DoS). Public details confirm affected products and root cause as a NULL pointer dereference, with exploitati...

QNAP QTS和QNAP QuTS hero 格式化字符串错误漏洞

QNAP QTS and QNAP QuTS hero are both a software with data storage and management functions from Taiwan, China-based QNAP Technology QNAP. A Formatting String Error vulnerability exists in QNAP QTS versions prior to version 5.2.6.3195 and QNAP QuTS hero h5.2.6.3195 versions prior to version...

PT-2025-40583

Name of the Vulnerable Software and Affected Versions QNAP versions prior to 5.2.6.3195 build 20250715 QNAP QuTS hero versions prior to 5.2.6.3195 build 20250715 Description A flaw exists where a remote attacker, having obtained administrator privileges, can trigger a denial-of-service DoS...

QNAP Systems File Station 5 Unlimited Resource Allocation Vulnerability

QNAP Systems File Station 5威联通QNAP presents a file management application for browsing, uploading, downloading and managing files and folders stored on NAS devices, remote servers or external storage devices. An unrestricted resource allocation vulnerability exists in QNAP Systems File Station 5,...