Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (qnapsecurity) · only source for this CVE.
Description (CVE.org)
A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later
Analysis (AI)
Stack-based buffer overflow in QNAP File Station 5 enables remote unauthenticated attackers to corrupt memory or destabilize processes through a network-accessible attack path requiring only passive user interaction. Affected versions are all releases prior to 5.5.6.5243; QNAP's own security team (security@qnapsecurity.com.tw) discovered and disclosed the issue via advisory QSA-26-27. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | The vulnerability requires no authentication (PR:N) and no special server-side configuration - File Station 5 in its default installed state is vulnerable. … |
| Risk Assessment | The CVSS 4.0 base score of 5.3 (Medium) reflects a constrained impact profile: only low integrity impact to the vulnerable system (VI:L) and no confidentiality or availability impact scored. … |
| Exploit Scenario | A remote unauthenticated attacker identifies a QNAP NAS with File Station 5 exposed to the network, then sends a crafted HTTP request containing an oversized input field to a File Station endpoint that performs insufficient bounds-checking into a stack buffer. The overflow corrupts adjacent stack memory, allowing the attacker to crash the File Station process or - depending on the specific overflow and binary protections in place - potentially redirect execution. … |
| Remediation | Vendor-released patch: File Station 5 version 5.5.6.5243 and later, per QNAP advisory QSA-26-27 (https://www.qnap.com/en/security-advisory/qsa-26-27). … |
EUVD-2026-35981
GHSA-v3m3-m62c-qrgr