Command Injection Vulnerability in QNAP Operating Systems
CVE-2026-24719
6.1MEDIUM
What is CVE-2026-24719?
A command injection vulnerability has been identified in multiple versions of QNAP's operating systems. This security flaw allows a remote attacker who has administrative access to execute arbitrary commands on the affected systems. If not addressed, this vulnerability could lead to unauthorized control over essential system operations. Users are urged to update their systems to versions QTS 5.2.9.3492 build 20260507 or later and QuTS hero h5.2.9.3499 build 20260514 or later to mitigate this risk.
Affected Version(s)
QTS 5.2.0 < 5.2.9.3492 build 20260507
QuTS hero h5.2.0