NULL Pointer Dereference Vulnerability in QNAP Operating Systems
CVE-2026-24716
1.2LOW
What is CVE-2026-24716?
A NULL pointer dereference vulnerability has been identified in various versions of QNAP operating systems. This flaw allows an attacker with administrator access to exploit the vulnerability, potentially leading to a denial-of-service (DoS) scenario, where legitimate users are unable to access services. It is crucial for users to update to the latest versions of the software, which include fixes for this vulnerability, to avoid potential exploitation or service disruptions. For secure operation, always ensure that your system is running the recommended builds or later.
Affected Version(s)
QTS 5.2.0 < 5.2.9.3492 build 20260507
QuTS hero h5.2.0
QuTS hero h5.3.0