A plaintext storage vulnerability in Synology SSL VPN Client before version 1.4.5-0684 allows remote attackers to access or influence a user's PIN code due to insecure storage. The vulnerability, published on 2026-04-10 and last modified on 2026-05-29, carries a CVSS 3.1 score of 8.1 (HIGH severity) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N. The attack requires network access, low attack co [truncated]
A vulnerability in Synology SSL VPN Client versions prior to 1.4.5-0684 exposes files within the installation directory through a local HTTP server bound to the loopback interface. The flaw, classified as files or directories accessible to external parties (CWE-552), enables remote attackers to retrieve sensitive files—including configuration files, certificates, and logs—by inducing user interaction with [truncated]
