Description
A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions.

We have already fixed the vulnerability in the following version:
QuMagie 2.9.0 and later
Published: 2026-06-10
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A missing authorization flaw in QNAP’s QuMagie software allows an attacker who can reach the application from a network to retrieve or manipulate data and settings that should be protected, potentially exposing sensitive files and configuration information. The weakness corresponds to missing authorization controls and a possible leakage of authentication credentials, based on the referenced CWEs.

Affected Systems

QNAP Systems Inc. QuMagie versions prior to 2.9.0 are affected. The issue was fixed in QuMagie 2.9.0 and later releases.

Risk and Exploitability

The vulnerability is scored at 8.7 on the CVSS scale, indicating high severity. No EPSS value is provided, but the absence of a KEV listing does not diminish the risk to users that access QuMagie over a network. Adversaries most likely need remote network access to the QuMagie service; the flaw allows exploitation without further privileges, leading to unauthorized data recovery or modification.

Generated by OpenCVE AI on June 10, 2026 at 04:21 UTC.

Remediation

Vendor Solution

We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later

OpenCVE Recommended Actions

  • Upgrade QuMagie to version 2.9.0 or later to obtain the vendor-provided fix.
  • Restrict network access to the QuMagie service using firewall or segmentation while the upgrade is pending.
  • Continuously monitor QuMagie logs for suspicious activity and block offending IP addresses as a temporary defensive measure.

Generated by OpenCVE AI on June 10, 2026 at 04:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 03:45:00 +0000

Type Values Removed Values Added
Description A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later
Title QuMagie
Weaknesses CWE-359
CWE-862
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: qnap

Published:

Updated: 2026-06-10T03:15:03.739Z

Reserved: 2026-02-12T02:21:35.482Z

Link: CVE-2026-26237

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-10T04:17:19.067

Modified: 2026-06-10T04:17:19.067

Link: CVE-2026-26237

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T04:30:06Z

Weaknesses