Security vulnerability discovered in QNAP NAS
A vulnerability was identified in QNAP network-attached storage (NAS) appliances. A local privilege escalation vulnerability (CVE-2026-31431), commonly known as "Copy Fail" may already be exploited. A remote attacker can exploit this vulnerability to trigger elevation of privilege on the targeted system. Vulnerability affects QTS operating system on specific QNAP ARM64 NAS models running Kernel 5.10. QNAP is currently investigating the issue and developing security updates.
More information on vulnerability and updates is available in QNAP security advisory – qnap.com
04 May 2026