Description
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. Remote attackers can exploit the vulnerability to launch a denial-of-service (DoS) attack.

We have already fixed the vulnerability in the following versions:
QTS 5.2.9.3410 build 20260214 and later
QuTS hero h5.2.9.3410 build 20260214 and later
QuTS hero h5.3.4.3500 build 20260520 and later
QuTS hero h6.0.0.3397 build 20260206 and later
Published: 2026-06-10
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A NULL pointer dereference vulnerability in QNAP’s QTS and QuTS hero operating systems allows remote attackers to trigger a denial-of-service condition. The flaw stems from improper NULL pointer handling (CWE-476); once exploited, the targeted device becomes unresponsive to legitimate traffic. The impact is a system-wide loss of availability for the affected device.

Affected Systems

The vulnerability affects QNAP Systems Inc. QTS and QuTS hero releases that precede the vendor‑issued fixed builds. Versions of QTS earlier than 5.2.9.3410 build 20260214, and QuTS hero releases before h5.2.9.3410 build 20260214, h5.3.4.3500 build 20260520, or h6.0.0.3397 build 20260206 are vulnerable.

Risk and Exploitability

The CVSS score for this flaw is 6.9, and the EPSS score is not reported, indicating limited public exploitation data. It is not listed in the CISA KEV catalog. The description states remote attackers can exploit the vulnerability, implying that the attack vector is remote but the exact network exposure is not detailed; it is inferred that the device must be reachable from an attacker network to launch the DoS.

Generated by OpenCVE AI on June 10, 2026 at 04:23 UTC.

Remediation

Vendor Solution

We have already fixed the vulnerability in the following versions:
QTS 5.2.9.3410 build 20260214 and later
QuTS hero h5.2.9.3410 build 20260214 and later
QuTS hero h5.3.4.3500 build 20260520 and later
QuTS hero h6.0.0.3397 build 20260206 and later


OpenCVE Recommended Actions

  • Upgrade QTS to version 5.2.9.3410 build 20260214 or newer
  • Upgrade QuTS hero to version h5.2.9.3410 build 20260214 or newer (or any later release such as h5.3.4.3500 build 20260520 or h6.0.0.3397 build 20260206)
  • If an update cannot be applied immediately, isolate the device from external networks to block potential DoS attempts until the patch is installed

Advisories

No advisories yet.

History

Mon, 15 Jun 2026 18:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Qnap; Qnap qts; Qnap quts Hero
CPEs | | cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*; cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*
Vendors & Products | | Qnap; Qnap qts; Qnap quts Hero
Metrics | | cvssV3_1: {'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


Wed, 10 Jun 2026 16:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 10 Jun 2026 05:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Qnap Systems Inc.; Qnap Systems Inc. qts; Qnap Systems Inc. quts Hero
Vendors & Products | | Qnap Systems Inc.; Qnap Systems Inc. qts; Qnap Systems Inc. quts Hero

Wed, 10 Jun 2026 03:45:00 +0000

Type | Values Removed | Values Added
Description | | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later; QuTS hero h5.2.9.3410 build 20260214 and later; QuTS hero h5.3.4.3500 build 20260520 and later; QuTS hero h6.0.0.3397 build 20260206 and later
Title | | QTS, QuTS hero
Weaknesses | | CWE-476
References | |
Metrics | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: qnap

Published:

Updated: 2026-06-10T15:50:06.023Z

Reserved: 2025-11-26T09:25:37.833Z

Link: CVE-2025-66281

Vulnrichment

Updated: 2026-06-10T15:50:00.618Z

NVD

Status: Analyzed

Published: 2026-06-10T04:17:14.383

Modified: 2026-06-15T18:32:30.810

Link: CVE-2025-66281

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T05:30:07Z

Weaknesses