PT-2026-7574 · Qnap · Qnap Qts+2
Coral
·
Published
2026-02-11
·
Updated
2026-02-13
·
CVE-2025-66277
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
QNAP QTS versions prior to 5.2.8.3350 build 20251216
QNAP QuTS hero h5.3.2 versions prior to h5.3.2.3354 build 20251225
QNAP QuTS hero h5.2.8 versions prior to h5.2.8.3350 build 20251216
Description
A flaw exists that allows remote attackers to traverse the file system to unintended locations. This vulnerability affects QNAP operating systems.
Recommendations
Update QTS to version 5.2.8.3350 build 20251216 or later.
Update QuTS hero h5.3.2 to version h5.3.2.3354 build 20251225 or later.
Update QuTS hero h5.2.8 to version h5.2.8.3350 build 20251216 or later.
Fix
Link Following
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Qnap Qts
Quts Hero H5.2.8
Quts Hero H5.3.2