PatchSiren cyber security CVE debrief
CVE-2026-44083 QNAP Systems Inc. CVE debrief
CVE-2026-44083 is a high-severity vulnerability (CVSS Score: 8.7) affecting QuMagie, a product by QNAP. The vulnerability is caused by an authorization bypass through user-controlled key, allowing remote attackers to gain unintended privileges. The issue was published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-44083) and detailed on [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-44083).
- Vendor
- QNAP Systems Inc.
- Product
- QuMagie
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-12
Who should care
Users of QuMagie versions prior to 2.9.1 should update to the latest version to mitigate this vulnerability.
Technical summary
The vulnerability is caused by an authorization bypass through user-controlled key in QuMagie. This allows remote attackers to gain unintended privileges. The issue is classified under CWE-639.
Defensive priority
High
Recommended defensive actions
- Update QuMagie to version 2.9.1 or later.
Evidence notes
The vulnerability was reported to affect QuMagie and was fixed in QuMagie 2.9.1 and later.
Official resources
-
CVE-2026-44083 CVE record
CVE.org
-
CVE-2026-44083 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
[email protected] - Broken Link
CVE-2026-44083 was published on 2026-06-09T08:16:28.940Z and modified on 2026-06-12T15:47:47.960Z.