PatchSiren cyber security CVE debrief
CVE-2026-24716 QNAP Systems Inc. CVE debrief
CVE-2026-24716 is a NULL pointer dereference vulnerability affecting several QNAP operating system versions. A remote attacker with administrator privileges can exploit this vulnerability to launch a denial-of-service (DoS) attack. The vulnerability has been fixed in QTS 5.2.9.3492 build 20260507 and later, QuTS hero h5.2.9.3499 build 20260514 and later, QuTS hero h5.3.4.3500 build 20260520 and later, and QuTS hero h6.0.0.3459 build 20260409 and later.
- Vendor: QNAP Systems Inc.
- Product: QTS
- CVSS: MEDIUM 5.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-10
Who should care
Administrators of QNAP operating systems should apply the necessary patches to prevent exploitation of this vulnerability.
Technical summary
The vulnerability is caused by a NULL pointer dereference, which can be exploited by a remote attacker with administrator privileges to launch a DoS attack.
Defensive priority
Medium
Recommended defensive actions
- Apply the patches provided by QNAP: QTS 5.2.9.3492 build 20260507 and later, QuTS hero h5.2.9.3499 build 20260514 and later, QuTS hero h5.3.4.3500 build 20260520 and later, and QuTS hero h6.0.0.3459 build 20260409 and [c
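A patch-level check against the fixed releases listed in this debrief, as an added example that is not part of the original page or any QNAP tooling. It assumes version strings are formatted as they appear on this page and that an installed system maps to a fixed release by its major.minor branch; the host names and inventory are constructed.

```python
import re

# Fixed releases as listed in this debrief, keyed by (product, major, minor).
# Matching an installed system to a row by its major.minor branch is an
# assumption of this example; the page does not enumerate affected versions.
FIXED = {
    ("QTS", 5, 2): ((5, 2, 9, 3492), 20260507),
    ("QuTS hero", 5, 2): ((5, 2, 9, 3499), 20260514),
    ("QuTS hero", 5, 3): ((5, 3, 4, 3500), 20260520),
    ("QuTS hero", 6, 0): ((6, 0, 0, 3459), 20260409),
}

# Accepts e.g. "QTS 5.2.9.3492 build 20260507" or "QuTS hero h5.3.4.3500 build 20260520".
_VERSION_RE = re.compile(
    r"^\s*(QTS|QuTS\s+hero)\s+h?(\d+)\.(\d+)\.(\d+)\.(\d+)\s+build\s+(\d{8})\s*$",
    re.IGNORECASE,
)


def patch_status(version_string):
    """Return 'patched', 'below-fixed', or 'unknown' for CVE-2026-24716."""
    match = _VERSION_RE.match(version_string)
    if not match:
        return "unknown"  # unparseable input is never reported as patched
    product = "QTS" if match.group(1).lower() == "qts" else "QuTS hero"
    version = tuple(int(part) for part in match.group(2, 3, 4, 5))
    build = int(match.group(6))
    fixed = FIXED.get((product, version[0], version[1]))
    if fixed is None:
        return "unknown"  # branch not covered by the fixed-release list
    # "X build Y and later": compare the version first, then the build date.
    return "patched" if (version, build) >= fixed else "below-fixed"


def audit(inventory):
    """Map each host to its patch status."""
    return {host: patch_status(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical hosts and installed versions).
SAMPLE_INVENTORY = {
    "nas-01": "QTS 5.2.9.3492 build 20260507",
    "nas-02": "QuTS hero h5.3.4.3500 build 20260519",
    "nas-03": "QTS 5.1.0.1000 build 20240101",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Treat an "unknown" result as a prompt to check the vendor advisory for that branch, not as evidence that the system is unaffected.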
Evidence notes
The vulnerability was reported to affect several QNAP operating system versions.
Official resources
- CVE-2026-24716 CVE record (CVE.org)
- CVE-2026-24716 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: CVE-2026-24716 was published on 2026-06-10T04:17:16.737Z and modified on 2026-06-10T19:43:28.857Z.