Description
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.

We have already fixed the vulnerability in the following versions:
QTS 5.2.9.3492 build 20260507 and later
QuTS hero h5.2.9.3499 build 20260514 and later
QuTS hero h5.3.4.3500 build 20260520 and later
QuTS hero h6.0.0.3459 build 20260409 and later
Published: 2026-06-10
Score: 1.2 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A null pointer dereference can be triggered by a remote attacker who already has administrator credentials, leading to a denial‑of‑service that freezes the affected system. The flaw requires an authenticated session and impacts the availability of the QNAP operating system.

Affected Systems

QNAP Systems Inc. QTS and QuTS hero devices are affected. All builds before QTS 5.2.9.3492 build 20260507, QuTS hero h5.2.9.3499 build 20260514, QuTS hero h5.3.4.3500 build 20260520, and QuTS hero h6.0.0.3459 build 20260409 are vulnerable.

Risk and Exploitability

The CVSS score of 1.2 indicates low severity. The EPSS score of less than 1% indicates a very low probability of exploitation, and the vulnerability is not listed in CISA KEV, suggesting no widespread exploitation yet, but it remains a valid risk. The attack path requires the attacker to obtain or compromise an administrator account; given that the attacker can then send a request that dereferences a null pointer, the impact is a denial of service. The official fix includes updated builds listed above; deploying them mitigates the threat.

Generated by OpenCVE AI on June 30, 2026 at 03:52 UTC.

Remediation

Vendor Solution

We have already fixed the vulnerability in the following versions:
QTS 5.2.9.3492 build 20260507 and later
QuTS hero h5.2.9.3499 build 20260514 and later
QuTS hero h5.3.4.3500 build 20260520 and later
QuTS hero h6.0.0.3459 build 20260409 and later


OpenCVE Recommended Actions

  • Upgrade QTS to version 5.2.9.3492 build 20260507 or later, or upgrade QuTS hero to h5.2.9.3499 build 20260514, h5.3.4.3500 build 20260520, or h6.0.0.3459 build 20260409 or later. This firmware implements null‑pointer checks to prevent dereference errors.
  • For any custom scripts, plugins or third‑party applications that interact with the QTS/QuTS hero APIs, validate inputs and explicitly check for null pointers before usage, following CWE‑476 mitigations.
  • Enforce strict authentication controls by limiting administrator accounts, requiring strong passwords, and disabling remote management from untrusted networks. This reduces the chance that an attacker gains the privileged session needed to trigger the null pointer dereference.
  • Monitor system logs for abnormal service restarts or crashes indicative of a denial‑of‑service event, and configure alerts to detect repeated failures.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 02:00:00 +0000

Type | Values Removed | Values Added
References | |
Metrics | cvssV4_0 {'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N'} | cvssV4_0 {'score': 1.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U'}


Mon, 15 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Qnap
Qnap qts
Qnap quts Hero
CPEs cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*
Vendors & Products Qnap
Qnap qts
Qnap quts Hero
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


Wed, 10 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 10 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
First Time appeared Qnap Systems Inc.
Qnap Systems Inc. qts
Qnap Systems Inc. quts Hero
Vendors & Products Qnap Systems Inc.
Qnap Systems Inc. qts
Qnap Systems Inc. quts Hero

Wed, 10 Jun 2026 03:45:00 +0000

Type Values Removed Values Added
Description A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3492 build 20260507 and later QuTS hero h5.2.9.3499 build 20260514 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3459 build 20260409 and later
Title QTS, QuTS hero
Weaknesses CWE-476
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: qnap

Published:

Updated: 2026-06-30T01:46:35.702Z

Reserved: 2026-01-26T06:41:35.897Z

Link: CVE-2026-24716

Vulnrichment

Updated: 2026-06-10T15:43:01.185Z

NVD

Status: Analyzed

Published: 2026-06-10T04:17:16.737

Modified: 2026-06-15T18:33:20.837

Link: CVE-2026-24716

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-30T04:00:08Z

Weaknesses