Incorrect Authorization Vulnerability in QNAP File Station
CVE-2026-24724

6.2MEDIUM

Key Information:

Vendor

QNAP

Vendor
CVE Published:
10 June 2026

What is CVE-2026-24724?

An incorrect authorization vulnerability in QNAP's File Station 6 allows remote attackers with a valid user account to bypass access restrictions, leading to unauthorized actions within the application. This vulnerability poses a significant risk as it can be exploited to compromise sensitive information and system integrity. The issue has been addressed in File Station version 5.5.6.5243 and later, emphasizing the importance of keeping software up to date to prevent exploitation.

Affected Version(s)

File Station 5 5.5.0 < 5.5.6.5243

References

CVSS V4

Score:
6.2
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Engin AydoÄźan
.