QNAP QTS CVE-2026-24716

EUVD-2026-35975 · MEDIUM
NULL Pointer Dereference (CWE-476)
2026-06-10 · qnap · GHSA-9vf8-xh83-h327
5.1 · CVSS 4.0 · NVD
Severity by source

NVD PRIMARY
5.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: X

Lifecycle Timeline

  • Analysis Generated: Jun 10, 2026 - 06:25 (vuln.today)
  • Patch available: Jun 10, 2026 - 05:01 (EUVD)
  • CVSS changed: Jun 10, 2026 - 04:22 (NVD), 5.1 (MEDIUM)
  • CVE Published: Jun 10, 2026 - 03:08 (nvd), UNKNOWN (no severity yet)

Description (NVD)

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.

We have already fixed the vulnerability in the following versions:

  • QTS 5.2.9.3492 build 20260507 and later
  • QuTS hero h5.2.9.3499 build 20260514 and later
  • QuTS hero h5.3.4.3500 build 20260520 and later
  • QuTS hero h6.0.0.3459 build 20260409 and later

Analysis (AI)

NULL pointer dereference in QNAP QTS and QuTS hero NAS operating systems enables a remote, administrator-authenticated attacker to trigger a denial-of-service condition. Exploitation requires the attacker to first hold or acquire an administrator account on the target device, after which a crafted request can crash system services. …

Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Obtain QNAP admin credentials via credential reuse or brute force
  • Delivery: Authenticate remotely to QNAP management interface
  • Exploit: Send crafted request to vulnerable OS component
  • Execution: Trigger CWE-476 NULL pointer dereference
  • Persist: Crash system process
  • Impact: Cause denial-of-service

Vulnerability Assessment (AI)

Exploitation: Exploitation requires the attacker to hold a valid administrator account on the target QNAP device; this is confirmed by the CVSS 4.0 vector PR:H (High Privileges Required). …

Risk Assessment: The CVSS 4.0 base score of 5.1 (Medium) accurately reflects the constrained threat model: network reachable (AV:N) with low attack complexity (AC:L), but gated entirely behind high-privilege authentication (PR:H), which substantially limits the realistic attacker population to those who have already compromised an admin account. …

Exploit Scenario: An attacker who has obtained administrator credentials to a QNAP NAS - through credential stuffing, phishing, or reuse of previously leaked passwords - authenticates remotely to the management interface and sends a specially crafted request that triggers a NULL pointer dereference within the OS, causing a targeted system crash or prolonged service interruption. No public exploit code exists at time of analysis, so exploitation currently requires manual knowledge of the vulnerable code path.

Remediation: Upgrade to a fixed release as confirmed by QNAP advisory QSA-26-18 (https://www.qnap.com/en/security-advisory/qsa-26-18): QTS users should update to version 5.2.9.3492 build 20260507 or later; QuTS hero users should update to h5.2.9.3499 build 20260514, h5.3.4.3500 build 20260520, or h6.0.0.3459 build 20260409 depending on their branch. …