PatchSiren cyber security CVE debrief
CVE-2026-26237 QNAP Systems Inc. CVE debrief
CVE-2026-26237 is a high-severity vulnerability in QuMagie, a QNAP product. The vulnerability has a CVSS score of 8.7 and allows remote attackers to access unauthorized data or perform unauthorized actions due to a missing authorization issue. The vulnerability was published on [cvePublishedAt] and modified on [cveModifiedAt].
- Vendor
- QNAP Systems Inc.
- Product
- QuMagie
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-10
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-10
- Advisory updated
- 2026-06-12
Who should care
Users of QuMagie versions prior to 2.9.0 should apply the patch to prevent exploitation.
Technical summary
The vulnerability is caused by a missing authorization issue in QuMagie, allowing remote attackers to access unauthorized data or perform unauthorized actions. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
High
Recommended defensive actions
- Apply the patch by upgrading to QuMagie version 2.9.0 or later.
Evidence notes
The vulnerability was reported to affect QuMagie and has been fixed in version 2.9.0 and later.
Official resources
-
CVE-2026-26237 CVE record
CVE.org
-
CVE-2026-26237 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
[email protected] - Broken Link
CVE-2026-26237 was published on 2026-06-10T04:17:19.067Z and modified on 2026-06-12T19:53:02.280Z.