PT-2026-24596 · Qnap Systems+1 · Qts+1
Published
2026-03-11
·
Updated
2026-03-15
·
CVE-2024-14026
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
QNAP QTS versions prior to 5.1.9.2954 build 20241120
QNAP QTS versions prior to 5.2.3.3006 build 20250108
QNAP QuTS hero versions prior to h5.1.9.2954 build 20241120
QNAP QuTS hero versions prior to h5.2.3.3006 build 20250108
Description
A command injection issue exists in QNAP operating systems. An attacker with local network access and a user account can exploit this to execute arbitrary commands.
Recommendations
Update QTS to version 5.1.9.2954 build 20241120 or later.
Update QTS to version 5.2.3.3006 build 20250108 or later.
Update QuTS hero to version h5.1.9.2954 build 20241120 or later.
Update QuTS hero to version h5.2.3.3006 build 20250108 or later.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Qts
Quts Hero