Command Injection Vulnerability in QNAP Operating Systems
CVE-2026-24719

6.1MEDIUM

Key Information:

Vendor

QNAP

Vendor
CVE Published:
10 June 2026

What is CVE-2026-24719?

A command injection vulnerability has been identified in multiple versions of QNAP's operating systems. This security flaw allows a remote attacker who has administrative access to execute arbitrary commands on the affected systems. If not addressed, this vulnerability could lead to unauthorized control over essential system operations. Users are urged to update their systems to versions QTS 5.2.9.3492 build 20260507 or later and QuTS hero h5.2.9.3499 build 20260514 or later to mitigate this risk.

Affected Version(s)

QTS 5.2.0 < 5.2.9.3492 build 20260507

QuTS hero h5.2.0

References

CVSS V4

Score:
6.1
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

coral
.