Description
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.

We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5243 and later
Published: 2026-06-10
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an allocation of resources without limits or throttling in QNAP File Station 5. After a remote attacker obtains a user account, they can trigger the flaw to tie up resources, preventing other systems, applications or processes from accessing the same resource type. The flaw leads to a denial‑of‑service condition that can disrupt file service availability and may affect other nearby services that depend on the same underlying system resources.

Affected Systems

This weakness appears in QNAP Systems Inc.'s File Station 5. The official fix covers version 5.5.6.5243 and later, so any installations prior to that version may be vulnerable. Specific impacted build numbers are not listed beyond the indicated patch release.

Risk and Exploitability

The CVSS score is 5.3, which is a medium severity rating. No EPSS score is available, so the current exploit probability cannot be quantified from public data. The vulnerability is not listed in the CISA KEV catalog. The attack is likely to be remote, requiring the attacker to have a compromised user account. Once authenticated, the attacker can trigger the flaw, causing resource exhaustion and a denial of service.

Generated by OpenCVE AI on June 10, 2026 at 04:22 UTC.

Remediation

Vendor Solution

We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later

OpenCVE Recommended Actions

  • Update File Station 5 to version 5.5.6.5243 or newer to apply the vendor‑provided fix.
  • If an upgrade cannot be performed immediately, implement strict resource quotas or limits on the affected service to reduce the risk of exhaustion.
  • Destroy any compromised user account and enforce strong password policies and multifactor authentication to prevent further unauthorized access.

Generated by OpenCVE AI on June 10, 2026 at 04:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 03:45:00 +0000

Type Values Removed Values Added
Description An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later
Title File Station 5
Weaknesses CWE-770
References
Metrics cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: qnap

Published:

Updated: 2026-06-10T03:08:09.047Z

Reserved: 2026-01-26T06:41:35.897Z

Link: CVE-2026-24720

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-10T04:17:17.127

Modified: 2026-06-10T04:17:17.127

Link: CVE-2026-24720

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T04:30:06Z

Weaknesses