Notification Center
Monthly
Cross-site request forgery in QNAP Notification Center allows remote unauthenticated attackers to forge state-changing requests on behalf of authenticated NAS users, potentially resulting in privilege escalation or session hijacking within the Notification Center context. Affected versions are all Notification Center 1.10.0 builds prior to 1.10.0.3291, confirmed by QNAP advisory QSA-26-13 and EUVD-2025-210096. Exploitation requires active victim interaction (CVSS 4.0 UI:A), integrity impact is rated low (VI:L), and no public exploit code or active exploitation has been identified at time of analysis.
Cross-site request forgery in QNAP Notification Center allows remote unauthenticated attackers to forge state-changing requests on behalf of authenticated NAS users, potentially resulting in privilege escalation or session hijacking within the Notification Center context. Affected versions are all Notification Center 1.10.0 builds prior to 1.10.0.3291, confirmed by QNAP advisory QSA-26-13 and EUVD-2025-210096. Exploitation requires active victim interaction (CVSS 4.0 UI:A), integrity impact is rated low (VI:L), and no public exploit code or active exploitation has been identified at time of analysis.