Path Traversal Vulnerability in QNAP Operating System
CVE-2026-24717

1.2LOW

Key Information:

Vendor

QNAP

Vendor
CVE Published:
10 June 2026

What is CVE-2026-24717?

A path traversal vulnerability has been identified in multiple versions of the QNAP operating system. If a remote attacker successfully obtains administrator credentials, they can exploit this flaw to access and read sensitive files and system data that should not be accessible. This vulnerability underscores the importance of securing administrator accounts and implementing regular updates to safeguard against unauthorized file access.

Affected Version(s)

QTS 5.2.0 < 5.2.9.3492 build 20260507

QuTS hero h5.2.0

QuTS hero h5.3.0

References

CVSS V4

Score:
1.2
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

coral
.