CVE-2026-24717

Name: CVE-2026-24717 — Vulnerability Record
Brand: Quanteta Data Lab
SKU: CVE-2026-24717

MEDIUM

CVSS v4.0: 5.1

NetworkNo user interactionPath TraversalVendor advisory ref

Source data as of: 2026-06-10 05:05:15 UTC

At a glance

Severity: MEDIUM
CVSS: 5.1 v4.0 · NVD
EPSS: EPSS not provided by FIRST.org for this CVE
CISA KEV: No
Type: Path Traversal · NVD CWE
Attack conditions (CVSS vector): NetworkNo user interaction · Source: NVD Vector
Published: 2026-06-10 · Modified: 2026-06-10
References: Jump to references (1)

CVSS / EPSS / KEV

CVSS v4.0 5.1 / 10 MEDIUM Source: NVD

EPSS — EPSS not provided by FIRST.org for this CVE Source: FIRST.org

CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3492 build 20260507 and later QuTS hero h5.2.9.3499 build 20260514 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3459 build 20260409 and later

Record details

CVE ID: CVE-2026-24717
CVSS (v4.0): 5.1 (MEDIUM)
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA KEV: No
Weakness (CWE): CWE-22
Affected configurations (CPE): 0
Published: 2026-06-10
Modified: 2026-06-10
Status: Received

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.

Vendor advisory https://www.qnap.com/en/security-advisory/qsa-26-34

← Back to all records

CVE-2026-24717

At a glance

CVSS / EPSS / KEV

Description

Record details

References

Related records

Same weakness type (CWE)

Published the same year