Multiple Vulnerabilities in QNAP NAS Devices Resolved Through Security Updates
ID: 85cd4ecf-da47-596d-8c1d-01beee53b1a2
STIX ID: report--85cd4ecf-da47-596d-8c1d-01beee53b1a2
Feed Name: The Cyber Express
QNAP published advisories (QSA-26-10 and related notice) disclosing multiple “Important”-rated vulnerabilities across QTS, QuTS hero, QuTS cloud, and QVP appliances — including CVE-2025-59382 (URL injection leading to credential theft), several command injection and RCE-capable flaws (e.g., CVE-2025-66273, CVE-2026-22893), multiple stack-based buffer overflows (CVE-2026-26239/40/41), access control and resource-consumption issues, and NULL pointer dereferences; QNAP released fixes in QVP 2.8.0, QuTS cloud C5.2.9, QTS 5.2.9.3499, and QuTS hero h5.2.9 and recommends immediate firmware updates.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
