PT-2026-43592 · Synology · Storage Manager
Simon Baaske · Published 2026-05-27 · Updated 2026-06-01
CVE-2026-2237
CVSS v3.1: 6.2 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Synology Storage Manager versions prior to 1.0.1-1100
Description
A flaw in the volume encryption component allows local attackers to obtain sensitive information. This occurs because the application uses the GET request method with sensitive query strings, which can lead to information disclosure.
Recommendations
Update to version 1.0.1-1100 or later.
Affected Products
Storage Manager