CVE Catalog

CVE-2026-24716

HighCVSS 7.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

25th percentile - higher than 25% of all known CVEs

Summary

A NULL pointer dereference vulnerability in QNAP operating systems. A remote attacker with an administrator account can exploit it to cause a denial-of-service (DoS) attack.

Risk Assessment

The risk involves potential service disruption by an attacker with admin access, leading to unavailability of the QNAP device.

Recommendation

Immediately update QTS or QuTS hero to the fixed versions listed in the description.

Original NVD description (English source)

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3492 build 20260507 and later QuTS hero h5.2.9.3499 build 20260514 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3459 build 20260409 and later

Vulnerability data from NVD (NIST) · CISA KEV · EPSS