NULL Pointer Dereference Vulnerability in QNAP File Station
CVE-2026-22899

1.3LOW

Key Information:

Vendor

QNAP

Vendor
CVE Published:
10 June 2026

What is CVE-2026-22899?

A NULL pointer dereference vulnerability has been identified in QNAP’s File Station 6 product. This vulnerability allows a remote attacker, who has gained user account access, to exploit the flaw and potentially initiate a denial-of-service (DoS) attack. Users are advised to update to File Station version 5.5.6.5208 or later to mitigate any risk associated with this vulnerability.

Affected Version(s)

File Station 5 5.5.0 < 5.5.6.5208

References

CVSS V4

Score:
1.3
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

coral
.