PatchSiren cyber security CVE debrief
CVE-2026-24719 QNAP Systems Inc. CVE debrief
CVE-2026-24719 is a HIGH severity command injection vulnerability affecting several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. The vulnerability has already been fixed in QTS 5.2.9.3492 build 20260507 and later, and QuTS hero h5.2.9.3499 build 20260514 and later.
- Vendor
- QNAP Systems Inc.
- Product
- QTS
- CVSS
- HIGH 8.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-10
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-10
- Advisory updated
- 2026-06-10
Who should care
Administrators of QNAP operating systems should review their systems and apply the necessary updates to prevent exploitation of this vulnerability.
Technical summary
The vulnerability, tracked as CVE-2026-24719, has a CVSS score of 8.6 and is considered HIGH severity. It allows an attacker to execute arbitrary commands if they gain an administrator account.
Defensive priority
HIGH
Recommended defensive actions
- Apply the necessary updates: QTS 5.2.9.3492 build 20260507 and later, and QuTS hero h5.2.9.3499 build 20260514 and later.
- Review system configurations and ensure administrator accounts are secure.
Evidence notes
The CVE record and details can be found at [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-24719). Additional information is available from [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-24719). The QNAP security advisory can be found at [ref-4](https://www.qnap.com/en/security-advisory/qsa-26-23).
Official resources
-
CVE-2026-24719 CVE record
CVE.org
-
CVE-2026-24719 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-24719 was published on 2026-06-10T04:17:17.007Z and modified on 2026-06-10T19:43:28.857Z.