PatchSiren cyber security CVE debrief
CVE-2026-24720 QNAP Systems Inc. CVE debrief
CVE-2026-24720 is a vulnerability in QNAP File Station 6, which allows an attacker with a user account to cause a denial of service by preventing other systems, applications, or processes from accessing the same type of resource. The vulnerability has a CVSS score of 5.3 and is classified as MEDIUM severity. QNAP has fixed the vulnerability in File Station 5 version 5.5.6.5243 and later.
- Vendor
- QNAP Systems Inc.
- Product
- File Station 5
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-10
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-10
- Advisory updated
- 2026-06-12
Who should care
Administrators and users of QNAP File Station 6, especially those with user accounts that could be compromised.
Technical summary
The vulnerability is caused by an allocation of resources without limits or throttling. An attacker with a user account can exploit this vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.
Defensive priority
MEDIUM
Recommended defensive actions
- Update to File Station 5 version 5.5.6.5243 or later.
- Restrict access to File Station 6 to trusted users and accounts.
- Monitor File Station 6 for suspicious activity.
Evidence notes
The vulnerability was reported to affect File Station 6 and has been fixed in File Station 5 version 5.5.6.5243 and later.
Official resources
-
CVE-2026-24720 CVE record
CVE.org
-
CVE-2026-24720 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
[email protected] - Broken Link
CVE-2026-24720 was published on 2026-06-10T04:17:17.127Z and modified on 2026-06-12T13:49:15.650Z.