Synology · Synology Antivirus Essential · CVE-2021-27648
**Name of the Vulnerable Software and Affected Versions**
Synology Antivirus Essential versions prior to 1.4.8-2801
**Description**
The issue allows remote authenticated users to obtain privilege via unspecified vectors due to an externally controlled reference to a resource in another sphere in quarantine functionality.
**Recommendations**
For versions prior to 1.4.8-2801, update to version 1.4.8-2801 or later to resolve the issue. As a temporary workaround, consider restricting access to the quarantine functionality until a patch is applied.