PatchSiren cyber security CVE debrief
CVE-2025-66276 QNAP CVE debrief
CVE-2025-66276 is a critical vulnerability in QNAP QTS, with a CVSS score of 9.2. The vulnerability has been fixed in QTS 5.2.7.3256 build 20250913 and later. QuTS hero is not affected by this vulnerability.
- Vendor
- QNAP
- Product
- QTS
- CVSS
- CRITICAL 9.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-10
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-10
- Advisory updated
- 2026-06-12
Who should care
Administrators and users of QNAP QTS systems, particularly those using versions prior to QTS 5.2.7.3256 build 20250913.
Technical summary
CVE-2025-66276 is a critical vulnerability in QNAP QTS. The Common Vulnerability Scoring System (CVSS) score is 9.2, indicating a high severity. The vulnerability was published on 2026-06-10T03:16:24.730Z and last modified on 2026-06-12T20:25:51.970Z.
Defensive priority
High
Recommended defensive actions
- Upgrade to QTS 5.2.7.3256 build 20250913 or later to mitigate the vulnerability.
- Refer to the vendor advisory at resourceLinkAnnotations with id 'ref-4' for additional information and guidance.
Evidence notes
The information provided is based on data from official sources, including the CVE record and NVD details.
Official resources
-
CVE-2025-66276 CVE record
CVE.org
-
CVE-2025-66276 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
This CVE debrief is based on information from official sources and is intended for defensive purposes only.