Cross-Site Scripting Vulnerability in QNAP Operating Systems
CVE-2026-41539
6.3MEDIUM
What is CVE-2026-41539?
A cross-site scripting vulnerability has been identified in multiple versions of QNAP operating systems, allowing remote attackers to exploit it. This can enable the bypassing of security measures or unauthorized access to application data. To mitigate risks, users are advised to update to the latest versions of QTS and QuTS hero, which include security patches that resolve this issue.
Affected Version(s)
QTS 5.2.0 < 5.2.9.3492 build 20260507
QuTS hero h5.2.0
QuTS hero h5.3.0