PT-2026-1072 · Qnap · Qnap Quts Hero H5.3.1+2
Coral
·
Published
2026-01-02
·
Updated
2026-01-02
·
CVE-2025-52426
CVSS v3.1
4.9
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
QNAP QTS versions prior to 5.2.7.3256 build 20250913
QNAP QuTS hero h5.2.7 versions prior to 5.2.7.3256 build 20250913
QNAP QuTS hero h5.3.1 versions prior to 5.3.1.3250 build 20250912
Description
A NULL pointer dereference issue exists in QNAP operating systems. Successful exploitation of this issue by a remote attacker who has obtained administrator privileges can lead to a denial-of-service (DoS) condition.
Recommendations
Update QTS to version 5.2.7.3256 build 20250913 or later.
Update QuTS hero h5.2.7 to version 5.2.7.3256 build 20250913 or later.
Update QuTS hero h5.3.1 to version 5.3.1.3250 build 20250912 or later.
Fix
DoS
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Qnap Qts
Qnap Quts Hero H5.2.7
Qnap Quts Hero H5.3.1