Description
A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions.

We have already fixed the vulnerability in the following version:
QuMagie 2.9.0 and later
Published: 2026-06-09
Score: 6.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A missing authorization flaw in QNAP Systems Inc.’s QuMagie allows remote attackers to access confidential data or perform actions for which they are not authorised. The vulnerability is an Access Control weakness (CWE-862) that enables attackers to bypass authentication checks and interact with privileged services, threatening both confidentiality and integrity of user data.

Affected Systems

The vulnerability affects the QuMagie platform from QNAP Systems Inc. The patch is released in QuMagie 2.9.0 and later; versions older than 2.9.0 are therefore susceptible.

Risk and Exploitability

The CVSS score of 6.6 indicates moderate severity. The EPSS score of less than 1% suggests a very low probability of exploitation, but the advisory confirms that remote attackers can exploit the flaw, which implies a Remote Network attack vector. The vulnerability is not listed in CISA KEV, and while the low EPSS mitigates immediate risk, the moderate CVSS and remote exploitation potential make patching a prudent priority.

Generated by OpenCVE AI on June 17, 2026 at 18:39 UTC.

Remediation

Vendor Solution

We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later

OpenCVE Recommended Actions

  • Upgrade QuMagie to version 2.9.0 or newer.
  • After the upgrade, verify that unauthenticated access to sensitive endpoints is no longer possible by attempting routine authenticated operations from an external source.
  • Restrict network exposure of QuMagie management interfaces, for example by implementing firewall rules or network segmentation, until the upgrade can be applied.

Generated by OpenCVE AI on June 17, 2026 at 18:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 17 Jun 2026 05:15:00 +0000

Type Values Removed Values Added
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

 cvssV4_0

{'score': 6.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U'}

Fri, 12 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Qnap
Qnap qumagie
CPEs cpe:2.3:a:qnap:qumagie:*:*:*:*:*:*:*:*
Vendors & Products Qnap
Qnap qumagie
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Tue, 09 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Qnap Systems
Qnap Systems qumagie
Vendors & Products Qnap Systems
Qnap Systems qumagie

Tue, 09 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Description A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later
Title QuMagie
Weaknesses CWE-862
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Qnap Qumagie
Qnap Systems Qumagie
cve-icon MITRE

Status: PUBLISHED

Assigner: qnap

Published:

Updated: 2026-06-17T01:53:39.022Z

Reserved: 2026-02-12T02:21:35.482Z

Link: CVE-2026-26236

cve-icon Vulnrichment

Updated: 2026-06-09T13:18:03.885Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-09T05:16:34.453

Modified: 2026-06-12T15:35:00.163

Link: CVE-2026-26236

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T18:45:10Z

Weaknesses