Path Traversal Vulnerability in QNAP Operating System
CVE-2026-24717
1.2LOW
What is CVE-2026-24717?
A path traversal vulnerability has been identified in multiple versions of the QNAP operating system. If a remote attacker successfully obtains administrator credentials, they can exploit this flaw to access and read sensitive files and system data that should not be accessible. This vulnerability underscores the importance of securing administrator accounts and implementing regular updates to safeguard against unauthorized file access.
Affected Version(s)
QTS 5.2.0 < 5.2.9.3492 build 20260507
QuTS hero h5.2.0
QuTS hero h5.3.0