logo

Multiple Vulnerabilities in QNAP NAS Devices Resolved Through Security Updates

ID: 85cd4ecf-da47-596d-8c1d-01beee53b1a2

STIX ID: report--85cd4ecf-da47-596d-8c1d-01beee53b1a2

Feed Name: The Cyber Express

Threat Score
70/100

Date Published: 2026-06-24

Date Updated: 2026-06-24

Author: Ashish Khaitan

...
...

QNAP published advisories (QSA-26-10 and related notice) disclosing multiple “Important”-rated vulnerabilities across QTS, QuTS hero, QuTS cloud, and QVP appliances — including CVE-2025-59382 (URL injection leading to credential theft), several command injection and RCE-capable flaws (e.g., CVE-2025-66273, CVE-2026-22893), multiple stack-based buffer overflows (CVE-2026-26239/40/41), access control and resource-consumption issues, and NULL pointer dereferences; QNAP released fixes in QVP 2.8.0, QuTS cloud C5.2.9, QTS 5.2.9.3499, and QuTS hero h5.2.9 and recommends immediate firmware updates.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.