Description
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. Remote attackers can exploit the vulnerability to launch a denial-of-service (DoS) attack.

We have already fixed the vulnerability in the following versions:
QTS 5.2.9.3410 build 20260214 and later
QuTS hero h5.2.9.3410 build 20260214 and later
QuTS hero h5.3.4.3500 build 20260520 and later
QuTS hero h6.0.0.3397 build 20260206 and later
Published: 2026-06-10
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A NULL pointer dereference vulnerability in QNAP’s QTS and QuTS hero operating systems allows remote attackers to trigger a denial‑of‑service condition. The flaw stems from improper NULL pointer handling (CWE‑476), and exploitation causes the targeted device to become unresponsive to legitimate traffic. The impact is system‑wide availability loss for the affected device.

Affected Systems

The vulnerability affects QNAP Systems Inc. QTS and QuTS hero releases that precede the vendor‑issued fixed builds. Versions of QTS earlier than 5.2.9.3410 build 20260214, and QuTS hero releases before h5.2.9.3410 build 20260214, h5.3.4.3500 build 20260520, or h6.0.0.3397 build 20260206 are vulnerable.

Risk and Exploitability

The CVSS score for this flaw is 6.9, and the EPSS score is not reported, indicating limited public exploitation data. It is not listed in the CISA KEV catalog. The description states that remote attackers can exploit the vulnerability, implying that the attack vector is remote, but the exact network exposure is not detailed; it is inferred that the device must be reachable over the network by an attacker for the DoS to be launched.

Generated by OpenCVE AI on June 10, 2026 at 04:23 UTC.

Remediation

Vendor Solution

We have already fixed the vulnerability in the following versions:
QTS 5.2.9.3410 build 20260214 and later
QuTS hero h5.2.9.3410 build 20260214 and later
QuTS hero h5.3.4.3500 build 20260520 and later
QuTS hero h6.0.0.3397 build 20260206 and later


OpenCVE Recommended Actions

  • Upgrade QTS to version 5.2.9.3410 build 20260214 or newer
  • Upgrade QuTS hero to version h5.2.9.3410 build 20260214 or newer (or any later release such as h5.3.4.3500 build 20260520 or h6.0.0.3397 build 20260206)
  • If an update cannot be applied immediately, isolate the device from external networks to block potential DoS attempts until the patch is installed



Advisories

No advisories yet.

History

Wed, 10 Jun 2026 05:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Qnap Systems Inc.; Qnap Systems Inc. qts; Qnap Systems Inc. quts Hero
Vendors & Products | | Qnap Systems Inc.; Qnap Systems Inc. qts; Qnap Systems Inc. quts Hero

Wed, 10 Jun 2026 03:45:00 +0000

Type | Values Removed | Values Added
Description | | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3397 build 20260206 and later
Title | | QTS, QuTS hero
Weaknesses | | CWE-476
References | |
Metrics | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: qnap

Published:

Updated: 2026-06-10T03:06:06.429Z

Reserved: 2025-11-26T09:25:37.833Z

Link: CVE-2025-66281

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-10T04:17:14.383

Modified: 2026-06-10T04:17:14.383

Link: CVE-2025-66281

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T05:30:07Z

Weaknesses