Files or Directories Accessible to External Parties in Synology BeeDrive
CVE-2024-11399

6.8MEDIUM

Key Information:

Vendor: Synology
Status: Beedrive For Desktop
Vendor: CVE Published:; 27 May 2026

What is CVE-2024-11399?

A vulnerability in the redis-server component of Synology BeeDrive for desktop allows local users to exploit files or directories that should not be accessible to external parties. This loophole could enable unauthorized access, facilitating potential denial-of-service attacks through unspecified vectors. Users are urged to update to the latest version to mitigate these security risks.

Affected Version(s)

BeeDrive for desktop *

References

https://www.synology.com/en-global/security/advisory/Syno...

vendor-advisory

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
Nov 19, 2024

Credit

Bocheng Xiang with FDU(@crispr)

CVE-2024-11399 Data

JSON