Cross-Site Scripting Vulnerability in QNAP Operating Systems
CVE-2026-41539

6.3MEDIUM

Key Information:

Vendor

QNAP

Vendor
CVE Published:
9 June 2026

What is CVE-2026-41539?

A cross-site scripting vulnerability has been identified in multiple versions of QNAP operating systems, allowing remote attackers to exploit it. This can enable the bypassing of security measures or unauthorized access to application data. To mitigate risks, users are advised to update to the latest versions of QTS and QuTS hero, which include security patches that resolve this issue.

Affected Version(s)

QTS 5.2.0 < 5.2.9.3492 build 20260507

QuTS hero h5.2.0

QuTS hero h5.3.0

References

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.