Authentication Bypass in QTS Software by QNAP
CVE-2025-66276

9.2CRITICAL

Key Information:

Vendor

QNAP

Vendor
CVE Published:
10 June 2026

What is CVE-2025-66276?

The authentication bypass vulnerability in QTS allows unauthorized access to sensitive functionalities, potentially compromising system security. QNAP has addressed this issue in version 5.2.7.3256 build 20250913 and later, ensuring affected users are urged to update their software to maintain optimal protection against unauthorized access.

Affected Version(s)

QTS 5.2.0 < 5.2.7.3256 build 20250913

QuTS hero ?

References

CVSS V4

Score:
9.2
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

VĂ­ctor A. Morales
.