QNAP has reported a vulnerability affecting NAS devices
QNAP reported that a local privilege escalation vulnerability (CVE-2026-43284), commonly known as "Dirty Frag" also affects network-attached storage (NAS) appliances. A remote attacker could exploit this vulnerability to trigger elevation of privilege, security restrictions bypass and execution of arbitrary commands with root privileges on the targeted system. Vulnerability affects QNAP x86-based NAS, QNAP ARM64-based NAS, QuTS hero NAS, QuTScloud NAS products. QNAP has now published temporary security measures, company is also working on releasing patches to address the vulnerability and it recommends that users apply the patches as soon as they are released.
More information on vulnerability is available in QNAP security advisory – qnap.com.
20 May 2026