Description
QuTS hero is not affected.

We have already fixed the vulnerability in the following version:
QTS 5.2.7.3256 build 20250913 and later
Published: 2026-06-10
Score: 9.2 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is identified in the QNAP QTS firmware. Although the advisory does not detail the exploit technique, the assignment of a CVSS score of 9.2 and the lack of specific CWE identifiers suggest a serious weakness that could lead to unauthorized disclosure of sensitive information or the injection of malicious code. Based on the available evidence, it is inferred that the flaw involves improper handling of input or data exposure, potentially allowing attackers to read confidential data or execute code on the system.

Affected Systems

The issue targets the QTS operating system bundled in QNAP devices. Any installation running a QTS build older than 5.2.7.3256 build 20250913 is vulnerable. The QuTS hero product is explicitly listed as not affected.

Risk and Exploitability

With a CVSS score of 9.2 the vulnerability is classified as critical. The EPSS score of less than 1% indicates a low but nonzero likelihood of exploitation. The flaw is not listed in CISA’s KEV catalog. No specific exploitation method is described; therefore the attack vector remains uncertain, but the absence of CWE details leaves potential for code injection or execution via a mismanaged input channel, potentially through the QTS management interface or other exposed services.

Generated by OpenCVE AI on June 13, 2026 at 01:23 UTC.

Remediation

Vendor Solution

We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later

OpenCVE Recommended Actions

  • Upgrade QTS firmware to version 5.2.7.3256 build 20250913 or later.
  • If an update cannot be performed immediately, restrict external access to the QTS management interfaces by blocking inbound traffic from untrusted networks or applying firewall rules.
  • Enforce strong authentication and limit administrative privileges to reduce the potential impact of any future vulnerabilities.

Generated by OpenCVE AI on June 13, 2026 at 01:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 13 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-94

Fri, 12 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Qnap
Qnap qts
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*
Vendors & Products Qnap
Qnap qts
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Wed, 10 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 10 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
First Time appeared Qnap Systems
Qnap Systems qts
Qnap Systems quts Hero
Weaknesses CWE-200
CWE-94
Vendors & Products Qnap Systems
Qnap Systems qts
Qnap Systems quts Hero

Wed, 10 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Description QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later
Title QTS
First Time appeared Qnap Systems Inc.
Qnap Systems Inc. qts
CPEs cpe:2.3:a:qnap_systems_inc.:qts:*:*:*:*:*:*:*:*
Vendors & Products Qnap Systems Inc.
Qnap Systems Inc. qts
References
Metrics cvssV4_0

{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Qnap Qts
Qnap Systems Qts Quts Hero
Qnap Systems Inc. Qts
cve-icon MITRE

Status: PUBLISHED

Assigner: qnap

Published:

Updated: 2026-06-10T16:07:48.978Z

Reserved: 2025-11-26T09:25:37.832Z

Link: CVE-2025-66276

cve-icon Vulnrichment

Updated: 2026-06-10T16:07:44.618Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-10T03:16:24.730

Modified: 2026-06-12T20:25:51.970

Link: CVE-2025-66276

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-13T01:30:17Z

Weaknesses