Description
A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web page, attackers may retrieve sensitive files such as configuration files, certificates, and logs, leading to information disclosure.
Published: 2026-04-10
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch
AI Analysis

Impact

The vulnerability stems from a misconfigured local HTTP server that the Synology SSL VPN Client runs on the loopback interface. A crafted web page visited by the user can cause the client to serve files from its installation directory, exposing sensitive artifacts such as configuration files, certificates, and logs. The primary impact is disclosure of confidential data; system integrity and availability are unaffected.

Affected Systems

All Synology SSL VPN Client installations with a version prior to 1.4.5-0684 are affected. The flaw is confined to the SSL VPN Client component and does not impact other Synology products or alternative VPN clients.

Risk and Exploitability

The CVSS base score of 6.5 indicates a medium severity vulnerability. EPSS data is unavailable and the issue is not listed in the CISA KEV catalog, suggesting a lower immediate exploitation probability. The attack requires the victim to interact with a malicious web page while the client is running and does not provide remote code execution or denial of service.

Generated by OpenCVE AI on April 10, 2026 at 10:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Synology SSL VPN Client to version 1.4.5 or later
  • Verify that the local HTTP server is listening only on the loopback interface and is not exposed to external networks
  • Avoid navigating to untrusted web pages while the VPN client is running
  • Monitor Synology's security advisories for additional patches or workarounds

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Local HTTP Server Exposes Sensitive Files in Synology SSL VPN Client

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Synology
Synology ssl Vpn Client
Vendors & Products Synology
Synology ssl Vpn Client

Fri, 10 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 10 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
Description A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web page, attackers may retrieve sensitive files such as configuration files, certificates, and logs, leading to information disclosure.
Weaknesses CWE-552
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: synology

Published:

Updated: 2026-04-10T12:43:33.313Z

Reserved: 2026-04-10T06:29:38.695Z

Link: CVE-2021-47960

Vulnrichment

Updated: 2026-04-10T12:43:30.504Z

NVD

Status: Awaiting Analysis

Published: 2026-04-10T10:16:02.853

Modified: 2026-04-13T15:02:06.187

Link: CVE-2021-47960

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T13:06:12Z

Weaknesses