PatchSiren cyber security CVE debrief

CVE-2026-26236 QNAP Systems Inc. CVE debrief

CVE-2026-26236 is a high-severity vulnerability in QuMagie, a QNAP product. The vulnerability has a CVSS score of 8.7 and allows remote attackers to access unauthorized data or perform unauthorized actions due to a missing authorization issue. The vulnerability was published on [cvePublishedAt] and modified on [cveModifiedAt].

Vendor: QNAP Systems Inc.
Product: QuMagie
CVSS: MEDIUM 6.6
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-09
Original CVE updated: 2026-06-17
Advisory published: 2026-06-09
Advisory updated: 2026-06-17

Who should care

Users of QuMagie versions prior to 2.9.0 should apply the patch to prevent exploitation.

Technical summary

The vulnerability is caused by a missing authorization issue in QuMagie, allowing remote attackers to access unauthorized data or perform unauthorized actions. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.

Defensive priority

High

Recommended defensive actions

Apply the patch by upgrading to QuMagie version 2.9.0 or later.
Review and restrict access to QuMagie to prevent unauthorized access.

Evidence notes

The vulnerability was reported by QNAP and has been fixed in QuMagie version 2.9.0 and later.

Official resources

CVE-2026-26236 CVE record
CVE.org
CVE-2026-26236 NVD detail
NVD
Source item URL
nvd_modified
Source reference
[email protected] - Broken Link

CVE-2026-26236 was published on 2026-06-09T05:16:34.453Z and modified on 2026-06-12T15:35:00.163Z.