Friday, 10 July 2026

QNAP company releases security updates

QNAP has notified its users of security vulnerabilities affecting QNAP products. A remote attacker can exploit these vulnerabilities (CVE-2026-22898, CVE-2026-22897, CVE-2026-22900, CVE-2026-22901, CVE-2026-22902, CVE-2025-59383, CVE-2025-62843, CVE-2025-62844, CVE-2025-62846, CVE-2025-62845, CVE-2026-22895) to trigger elevation of privilege, arbitary code execution, denial of service condition, data manipulation, sensitive information disclosure, security restrictions bypass on the targeted system.

Fixes have been added to the following versions of QNAP products to eliminate these vulnerabilities: QVR Pro 2.7.4.1485, QuNetSwitch 2.0.4.0415, QuNetSwitch 2.0.5.0906, Media Streaming Add-on 500.1.1, QuRouter 2.6.3.009, QuFTP Service 1.4.3, QuFTP Service 1.5.2, QuFTP Service 1.6.2.  

More information on vulnerabilities and updates is available in QNAP security advisories – qnap.com.

25 March 2026

-
28