Description
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.

We have already fixed the vulnerability in the following versions:
QTS 5.2.9.3492 build 20260507 and later
QuTS hero h5.2.9.3499 build 20260514 and later
QuTS hero h5.3.4.3500 build 20260520 and later
QuTS hero h6.0.0.3459 build 20260409 and later
Published: 2026-06-10
Score: 1.2 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An administrative path traversal flaw exists in QNAP’s QTS and QuTS hero operating systems that permits a remote attacker with administrator credentials to read files outside the intended directory. The weakness is classified as CWE‑22. Exposed data may include confidential system files or configuration information, potentially enabling further compromise.

Affected Systems

QNAP Systems Inc.’s QTS and QuTS hero firmware are affected. Versions prior to QTS 5.2.9.3492 build 20260507 and any QuTS hero releases before h5.2.9.3499 build 20260514, h5.3.4.3500 build 20260520, or h6.0.0.3459 build 20260409 are vulnerable. Updating to the listed builds resolves the issue.

Risk and Exploitability

The CVSS score of 1.2 indicates low severity. The EPSS score of 0.00392 (<1%) indicates a very low probability of exploitation, and the flaw is not listed in CISA KEV, implying limited public exploitation. Exploitation requires obtaining administrative authentication first; an unauthenticated attacker cannot leverage the traversal directly.

Generated by OpenCVE AI on June 30, 2026 at 03:52 UTC.

Remediation

Vendor Solution

We have already fixed the vulnerability in the following versions: QTS 5.2.9.3492 build 20260507 and later QuTS hero h5.2.9.3499 build 20260514 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3459 build 20260409 and later


OpenCVE Recommended Actions

  • Upgrade QTS to version 5.2.9.3492 build 20260507 or newer.
  • Upgrade QuTS hero to h5.2.9.3499 build 20260514, h5.3.4.3500 build 20260520, or h6.0.0.3459 build 20260409 or newer.
  • If an immediate upgrade is not possible, restrict administrative access to trusted IP ranges and enforce two‑factor authentication for administrators.

Generated by OpenCVE AI on June 30, 2026 at 03:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 02:00:00 +0000

Type Values Removed Values Added
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}

cvssV4_0

{'score': 1.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U'}


Fri, 12 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Qnap
Qnap qts
Qnap quts Hero
CPEs cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*
Vendors & Products Qnap
Qnap qts
Qnap quts Hero
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N'}


Wed, 10 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 10 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
First Time appeared Qnap Systems
Qnap Systems qts
Qnap Systems quts Hero
Vendors & Products Qnap Systems
Qnap Systems qts
Qnap Systems quts Hero

Wed, 10 Jun 2026 03:45:00 +0000

Type Values Removed Values Added
Description A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3492 build 20260507 and later QuTS hero h5.2.9.3499 build 20260514 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3459 build 20260409 and later
Title QTS, QuTS hero
Weaknesses CWE-22
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: qnap

Published:

Updated: 2026-06-30T01:46:55.731Z

Reserved: 2026-01-26T06:41:35.897Z

Link: CVE-2026-24717

cve-icon Vulnrichment

Updated: 2026-06-10T15:39:44.846Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-10T04:17:16.867

Modified: 2026-06-12T20:21:12.710

Link: CVE-2026-24717

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-30T04:00:08Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')