Description
Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation.
Published: 2026-05-27
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability stems from an origin validation error in the Synology ActiveProtect Agent. This flaw allows a local user to install the agent and place arbitrary files with restricted content on the system, and can cause a denial‑of‑service during the installation process. The issue is identified as CWE‑346, indicating that the software lacks proper access control when validating incoming installation data, which can be abused to write files that have potentially malicious or unintended content.

Affected Systems

Synology ActiveProtect Agent versions prior to 1.1.0-0439 are affected. The vulnerability applies to installations performed by any local user with sufficient privileges to run the agent’s installer on Synology devices.

Risk and Exploitability

The CVSS score of 6.1 reflects medium severity, and the EPSS score of 4e‑05 indicates a very low probability of exploitation in the wild. The vulnerability is not listed in CISA’s KEV catalog. Because the attack requires local installation privileges, the risk is limited to users with such permissions, but unrestricted file write capabilities can lead to broader system impacts if abused.

Generated by OpenCVE AI on June 2, 2026 at 09:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update ActiveProtect Agent to version 1.1.0-0439 or later, as released by Synology.
  • Limit the installation of the agent to trusted administrators by enforcing role‑based access controls and disabling installation rights for other users.
  • If the agent is not required, uninstall it or ensure that its installer and installation directories are inaccessible to non‑admin users.

Generated by OpenCVE AI on June 2, 2026 at 09:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 08:30:00 +0000

Type Values Removed Values Added
Description Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary files with restricted content when installing. Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation.

Mon, 01 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:synology:activeprotect_agent:*:*:*:*:*:*:*:*

Fri, 29 May 2026 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Synology
Synology activeprotect Agent
Vendors & Products Synology
Synology activeprotect Agent

Wed, 27 May 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 27 May 2026 09:00:00 +0000

Type Values Removed Values Added
Description Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary files with restricted content when installing.
Weaknesses CWE-346
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H'}

Subscriptions

Synology Activeprotect Agent
cve-icon MITRE

Status: PUBLISHED

Assigner: synology

Published:

Updated: 2026-06-02T08:18:36.204Z

Reserved: 2025-11-24T06:58:48.721Z

Link: CVE-2025-13593

cve-icon Vulnrichment

Updated: 2026-05-27T12:49:08.004Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-27T09:16:26.730

Modified: 2026-06-02T16:08:56.677

Link: CVE-2025-13593

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T10:00:06Z

Weaknesses