Description
Files or directories accessible to external parties vulnerability in redis-server component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to conduct denial-of-service attacks via unspecified vectors.
Published: 2026-05-27
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability allows local users to cause a denial of service through files or directories that the redis-server component of Synology BeeDrive exposes to external access. The weakness is a filesystem permission oversight (CWE-552), enabling unauthorized access that can disrupt service availability.

Affected Systems

The issue affects Synology BeeDrive for desktop prior to version 1.3.2-13814. Only installations of that product running an earlier version are impacted.

Risk and Exploitability

The CVSS score of 6.8 indicates a moderate risk. Exploitation requires local user privileges, and the attacker can trigger denial of service through unspecified vectors. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no widespread exploitation yet. Local insiders remain the primary threat.

Generated by OpenCVE AI on May 27, 2026 at 10:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Synology BeeDrive to version 1.3.2-13814 or later to apply the vendor fix.
  • Restrict external access to the redis-server's file system by reviewing and tightening permissions or disabling the feature until a patch is applied.
  • Monitor application logs for repeated access or denial-of-service events and apply rate limiting or resource caps to mitigate impact if the issue persists.


Advisories

No advisories yet.

History

Wed, 27 May 2026 14:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 27 May 2026 10:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Denial of Service via External File Access in Synology BeeDrive |
| First Time appeared | | Synology; Synology beedrive For Desktop |
| Vendors & Products | | Synology; Synology beedrive For Desktop |

Wed, 27 May 2026 09:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Files or directories accessible to external parties vulnerability in redis-server component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to conduct denial-of-service attacks via unspecified vectors. |
| Weaknesses | | CWE-552 |
| References | | |
| Metrics | | cvssV3_1 {'score': 6.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H'} |


MITRE

Status: PUBLISHED

Assigner: synology

Published:

Updated: 2026-05-27T13:41:45.388Z

Reserved: 2024-11-19T04:02:53.643Z

Link: CVE-2024-11399

Vulnrichment

Updated: 2026-05-27T13:41:42.431Z

NVD

Status: Awaiting Analysis

Published: 2026-05-27T09:16:25.297

Modified: 2026-05-27T14:54:20.160

Link: CVE-2024-11399

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T10:30:28Z

Weaknesses