Description:
QNAP has published security advisories to address multiple vulnerabilities in QNAP products. The list of patches can be found at:
https://www.qnap.com/go/security-advisory/qsa-26-07
https://www.qnap.com/go/security-advisory/qsa-26-09
https://www.qnap.com/go/security-advisory/qsa-26-11
https://www.qnap.com/go/security-advisory/qsa-26-12
https://www.qnap.com/go/security-advisory/qsa-26-15
Affected Systems:
- QNAP NAS devices running Media Streaming Add-on versions prior to 500.1.1
- QNAP NAS devices running QuFTP Service versions prior to 1.4.3,1.5.2,1.6.2
- QNAP NAS devices running QuNetSwitch versions prior to 2.0.4.0415,2.0.5.0906
- QNAP NAS devices running QuRouter versions prior to 2.6.3.009
- QNAP NAS devices running QVR Pro versions prior to 2.7.4.1485
For detailed information of the affected systems, please refer to the corresponding security advisory at vendor's website.
Impact:
Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service, elevation of privilege, information disclosure, security restriction bypass or tampering on an affected system.
Recommendation:
Patches for affected systems are available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.
More Information:
- https://www.qnap.com/go/security-advisory/qsa-26-07
- https://www.qnap.com/go/security-advisory/qsa-26-09
- https://www.qnap.com/go/security-advisory/qsa-26-11
- https://www.qnap.com/go/security-advisory/qsa-26-12
- https://www.qnap.com/go/security-advisory/qsa-26-15
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59383
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62843 (to CVE-2025-62846)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22895
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22897 (to CVE-2026-22898)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22900 (to CVE-2026-22902)
