PatchSiren cyber security CVE debrief
CVE-2026-24717 QNAP Systems Inc. CVE debrief
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
- Vendor
- QNAP Systems Inc.
- Product
- QTS
- CVSS
- MEDIUM 5.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-10
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-10
- Advisory updated
- 2026-06-12
Who should care
Administrators of QNAP operating systems, particularly those using versions prior to QTS 5.2.9.3492, QuTS hero h5.2.9.3499, QuTS hero h5.3.4.3500, and QuTS hero h6.0.0.3459.
Technical summary
The vulnerability, identified as CVE-2026-24717, allows an attacker with administrator privileges to exploit a path traversal weakness. This can lead to unauthorized access to files or system data.
Defensive priority
MEDIUM
Recommended defensive actions
- Update to QTS 5.2.9.3492 or later
- Update to QuTS hero h5.2.9.3499 or later
- Update to QuTS hero h5.3.4.3500 or later
- Update to QuTS hero h6.0.0.3459 or later
Evidence notes
The vulnerability has been fixed in the specified versions.
Official resources
-
CVE-2026-24717 CVE record
CVE.org
-
CVE-2026-24717 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
[email protected] - Broken Link
CVE-2026-24717 was published on 2026-06-10T04:17:16.867Z and modified on 2026-06-12T20:21:12.710Z.