Skip to main content
ZDI-26-424 MEDIUM 4.3 Published Jul 15, 2026

Synology DiskStation DS925+ MailPlus Improper Restriction of Communication Channel to Intended Endpoints Vulnerability

Synology

This vulnerability allows network-adjacent attackers to access the Redis instance on affected installations of Synology DiskStation DS925+ devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3.

Related CVE

CVE-2026-13135

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy