High Threat Security Alert (A26-05-02): Vulnerability in QNAP Product


 

Published on: 04 May 2026

Description:

QNAP has published a security advisory to address a vulnerability in QNAP product. The list of patches can be found at:
https://www.qnap.com/go/security-advisory/qsa-26-16

Reports indicated that an elevation of privilege vulnerability (CVE-2026-31431) is being exploited in the wild. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • QNAP ARM64 NAS models running QTS operating system on Linux Kernel 5.10

For detailed information of the affected systems, please refer to the corresponding security advisory at vendor's website.

 

Impact:

Successful exploitation of the vulnerability could lead to elevation of privilege on an affected system.

 

Recommendation:

System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://www.qnap.com/go/security-advisory/qsa-26-16
  • https://www.hkcert.org/security-bulletin/qnap-nas-elevation-of-privilege-vulnerability_20260504
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31431


Tag: QNAP , ARM64 , NAS , Linux , Kernel
Tags