QNAP NAS Multiple Vulnerabilities

Release Date: 24 Jun 2026

RISK: Medium Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities were identified in QNAP NAS. A remote attacker could exploit some of these vulnerabilities to trigger security restriction bypass, remote code execution, denial of service condition, sensitive information disclosure and elevation of privilege on the targeted system.

---

Impact

• Denial of Service
• Information Disclosure
• Elevation of Privilege
• Remote Code Execution
• Security Restriction Bypass

---

System / Technologies affected

• QVP 2.7.1 
• QuTS cloud c5.2.8  
• QTS version 5.2.7
• QuTS hero h5.2.8

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://www.qnap.com/en/security-advisory/qsa-26-10

---

Vulnerability Identifier

• CVE-2025-59382
• CVE-2025-62858
• CVE-2025-66273
• CVE-2025-66279
• CVE-2025-66280
• CVE-2025-66281
• CVE-2025-68405
• CVE-2026-22893
• CVE-2026-22899
• CVE-2026-24720
• CVE-2026-24724
• CVE-2026-26239
• CVE-2026-26240
• CVE-2026-26241

---

Source

• QNAP

---

Related Link

• https://www.qnap.com/en/security-advisory/qsa-26-10