Known exploited
QNAP Systems
CVE published 2022-03-25
CVE-2020-2506
CVE-2020-2506 is a QNAP Helpdesk improper access control vulnerability. CISA added it to the Known Exploited Vulnerabilities catalog on 2022-03-25, which means it is recognized as being actively exploited or otherwise confirmed as exploited in the wild. Organizations running QNAP Helpdesk should treat remediation as urgent and follow the vendor’s update guidance.