NULL Pointer Dereference Vulnerability in QNAP Operating Systems
CVE-2026-24716

1.2LOW

Key Information:

Vendor

QNAP

Vendor
CVE Published:
10 June 2026

What is CVE-2026-24716?

A NULL pointer dereference vulnerability has been identified in various versions of QNAP operating systems. This flaw allows an attacker with administrator access to exploit the vulnerability, potentially leading to a denial-of-service (DoS) scenario, where legitimate users are unable to access services. It is crucial for users to update to the latest versions of the software, which include fixes for this vulnerability, to avoid potential exploitation or service disruptions. For secure operation, always ensure that your system is running the recommended builds or later.

Affected Version(s)

QTS 5.2.0 < 5.2.9.3492 build 20260507

QuTS hero h5.2.0

QuTS hero h5.3.0

References

CVSS V4

Score:
1.2
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

coral
.