Security Alert (A26-06-41): Multiple Vulnerabilities in QNAP Products


 

Published on: 24 June 2026

Description:

QNAP has published security advisories to address multiple vulnerabilities in QNAP products. The list of patches can be found at:
https://www.qnap.com/go/security-advisory/qsa-26-10
https://www.qnap.com/go/security-advisory/qsa-26-35

 

Affected Systems:

  • QNAP NAS devices running License Center versions 1.8.56
  • QNAP NAS devices running QTS operating system versions 5.2.7
  • QNAP NAS devices running QuTS hero operating system versions h5.2.8
  • QNAP NAS devices running QuTS cloud versions C5.2.8
  • QNAP NAS devices running QuMagie versions 2.8.2, 2.9.0
  • QNAP NAS devices running QVP versions 2.7.1

For detailed information of the affected systems, please refer to the corresponding security advisory at vendor's website.

 

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service, elevation of privilege, information disclosure or security restriction bypass on an affected system.

 

Recommendation:

Patches for affected systems are available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://www.qnap.com/go/security-advisory/qsa-26-10
  • https://www.qnap.com/go/security-advisory/qsa-26-35
  • https://www.hkcert.org/security-bulletin/qnap-nas-multiple-vulnerabilities_20260624
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59382
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62851
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62858
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66273
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66279 (to CVE-2025-66281)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68405
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22893
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22899
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24720
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24724
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26236 (to CVE-2026-26237)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26239 (to CVE-2026-26241)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44083


Tag: QNAP , QTS , QuMagie , QVP
Tags