Description
A path traversal vulnerability has been reported to affect License Center. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.

We have already fixed the vulnerability in the following version:
License Center 1.9.56 and later
Published: 2026-06-10
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An authenticated local attacker with administrator privileges can exploit a path traversal flaw in QNAP License Center, allowing the attacker to resolve and access arbitrary file paths outside the intended directory. This flaw can expose sensitive configuration files, system data, or other protected content, potentially compromising the confidentiality of the host. The weakness falls under CWE-22 (path traversal).

Affected Systems

QNAP Systems Inc. License Center versions prior to 1.9.56, specifically 1.9.55 and earlier, are vulnerable. The issue was fixed in the 1.9.56 release and later. Only installations of License Center that have not been updated to at least 1.9.56 are at risk.

Risk and Exploitability

With a CVSS base score of 6.9, the vulnerability is rated Medium. The EPSS score is not available, and it is not listed in the CISA KEV catalog. Because exploitation requires local administrator access, the attack surface is limited to users who already have administrative privileges. If such access is obtained, the attacker can read arbitrary files, but remote exploitation and privilege escalation are not possible.

Generated by OpenCVE AI on June 10, 2026 at 04:24 UTC.

Remediation

Vendor Solution

We have already fixed the vulnerability in the following version: License Center 1.9.56 and later


OpenCVE Recommended Actions

  • Upgrade QNAP License Center to version 1.9.56 or later.
  • Restrict local administrator accounts to the minimum necessary permissions to prevent unnecessary file access.
  • Conduct an audit of file permissions and access controls on affected hosts to ensure no sensitive files remain exposed through the application.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 03:45:00 +0000

Type Values Removed Values Added
Description A path traversal vulnerability has been reported to affect License Center. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: License Center 1.9.56 and later
Title License Center
Weaknesses CWE-22
References
Metrics cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: qnap

Published:

Updated: 2026-06-10T03:02:44.924Z

Reserved: 2025-10-24T02:43:49.268Z

Link: CVE-2025-62851

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-10T04:17:11.913

Modified: 2026-06-10T04:17:11.913

Link: CVE-2025-62851

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T04:30:06Z

Weaknesses