Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (qnapsecurity) · only source for this CVE.
Description (CVE.org)
A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later
Analysis (AI)
Stack-based buffer overflow in QNAP File Station 5 allows unauthenticated remote attackers to corrupt process memory or crash the file management service when a victim user passively interacts with a crafted input. Affected versions are all File Station 5 releases prior to 5.5.6.5243, running on QNAP NAS devices accessible over the network. …
Vulnerability Assessment (AI)
| Category | Assessment |
| --- | --- |
| Exploitation | Exploitation requires passive user interaction - a legitimate File Station 5 user must open, preview, or otherwise interact with a crafted file or request delivered by the attacker (UI:P per CVSS 4.0); fully automated exploitation without any user involvement is not supported by the available data. … |
| Risk Assessment | The CVSS 4.0 base score of 5.3 (Medium) reflects a constrained impact profile: confidentiality is entirely unaffected (VC:N), while integrity and availability on the vulnerable system are both rated Low (VI:L, VA:L), with zero impact to subsequent systems (SC:N/SI:N/SA:N). … |
| Exploit Scenario | An unauthenticated attacker reachable over the network uploads or delivers a crafted file to a QNAP NAS running File Station 5 prior to 5.5.6.5243, then entices or waits for a legitimate user to open or preview it through the File Station interface. The malformed input triggers a stack-based buffer overflow in the file-handling routine, corrupting stack memory and causing the File Station process to crash or behave unpredictably. … |
| Remediation | Upgrade QNAP File Station 5 to version 5.5.6.5243 or later - this is the vendor-confirmed fix per advisory QSA-26-32 at https://www.qnap.com/en/security-advisory/qsa-26-32. … |
EUVD-2026-35983
GHSA-872q-mhr9-36mh