QNAP has disclosed multiple vulnerabilities that could allow attackers to cause remote denial of service, compromise data confidentiality, or tamper with data integrity. Risks include data integrity loss, confidentiality breach, security policy bypass, remote denial of service, indirect code injection (XSS), and SQL injection. The affected products include License Center 2.0.x (pre‑2.0.36), MARS 1.2.x (pre‑1.2.1.1686), Qfiling 3.13.x (pre‑3.13.1), Qfinder Pro Mac 7.13.x (pre‑7.13.0), Qsync for Mac 5.1.x (pre‑5.1.5), QTS 5.2.8.x (pre‑5.2.8.3332), QuMagie 2.x (pre‑2.8.1), QuTS hero h5.2.8.x (pre‑h5.2.8.3321), QuTS hero h5.3.x (pre‑h5.3.1.3250), and QVPN Device Client for Mac 2.2.x (pre‑2.2.8). The security advisory lists a range of CVE identifiers. Users should consult QNAP’s security bulletins (QSA‑25‑49 to QSA‑25‑55) for patches and follow the vendor’s instructions.
Summary of content from
https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0003/
Made by AI. If you spot anything of concern write us at contact@cybach.com. We’ll promptly correct irregularities.