Description
A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions.

We have already fixed the vulnerability in the following version:
QuMagie 2.9.0 and later
Published: 2026-06-09
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A missing authorization flaw in QNAP Systems Inc.’s QuMagie allows remote attackers to access confidential data or perform actions for which they are not authorised. The vulnerability is an Access Control weakness (CWE-862) that enables attackers to bypass authentication checks and interact with privileged services, threatening both confidentiality and integrity of user data.

Affected Systems

The vulnerability affects the QuMagie platform from QNAP Systems Inc. The patch is released in QuMagie 2.9.0 and later; versions older than 2.9.0 are therefore susceptible.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity. Although the EPSS score is unavailable, the advisory states that remote attackers can exploit the flaw, implying a Remote Network attack vector. The vulnerability is not listed in CISA KEV, but its high score and remote exploitation possibility make it a priority for mitigation.

Generated by OpenCVE AI on June 9, 2026 at 05:20 UTC.

Remediation

Vendor Solution

We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later

OpenCVE Recommended Actions

  • Upgrade QuMagie to version 2.9.0 or newer.
  • After the upgrade, verify that unauthenticated access to sensitive endpoints is no longer possible by attempting routine authenticated operations from an external source.
  • Restrict network exposure of QuMagie management interfaces, for example by implementing firewall rules or network segmentation, until the upgrade can be applied.

Generated by OpenCVE AI on June 9, 2026 at 05:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Qnap Systems
Qnap Systems qumagie
Vendors & Products Qnap Systems
Qnap Systems qumagie

Tue, 09 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Description A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later
Title QuMagie
Weaknesses CWE-862
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Qnap Systems Qumagie
cve-icon MITRE

Status: PUBLISHED

Assigner: qnap

Published:

Updated: 2026-06-09T13:18:08.708Z

Reserved: 2026-02-12T02:21:35.482Z

Link: CVE-2026-26236

cve-icon Vulnrichment

Updated: 2026-06-09T13:18:03.885Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T05:16:34.453

Modified: 2026-06-09T13:49:39.993

Link: CVE-2026-26236

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T08:55:42Z

Weaknesses