High Threat Security Alert (A26-05-14): Multiple Vulnerabilities in QNAP Products


 

Published on: 12 May 2026

Description:

QNAP has published a security advisory to address multiple vulnerabilities in QNAP products. The list of patches can be found at:
https://www.qnap.com/go/security-advisory/qsa-26-17

Reports indicated that proof-of-concept (PoC) exploit code is available for an elevation of privilege vulnerability (CVE-2026-43284). System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • QNAP NAS devices running x86-based operating system
  • QNAP NAS devices running ARM64-based operating system
  • QNAP NAS devices running QuTS hero operating system
  • QNAP NAS devices running QuTScloud operating system

For detailed information of the affected systems, please refer to the corresponding security advisory at vendor's website.

 

Impact:

Successful exploitation of the vulnerabilities could lead to elevation of privilege on an affected system.

 

Recommendation:

System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://www.qnap.com/go/security-advisory/qsa-26-17
  • https://www.hkcert.org/security-bulletin/qnap-nas-elevation-of-privilege-vulnerability_20260512
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43284
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43500


Tag: QNAP , NAS , QuTS hero , QuTScloud
Tags