QNAP Qts
Known Exploited QNAP Qts Vulnerabilities
The following QNAP Qts vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| QNAP QTS Improper Input Validation Vulnerability | QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system. CVE-2019-7193. Exploit Probability: 14.4% | June 8, 2022 |
The vulnerability CVE-2019-7193: QNAP QTS Improper Input Validation Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.
By the Year
In 2026 there have been 20 vulnerabilities in QNAP Qts. Last year, in 2025, Qts had 40 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Qts in 2026 could surpass last year's number.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 20 | 0.00 |
| 2025 | 40 | 0.00 |
| 2024 | 98 | 7.20 |
| 2023 | 22 | 6.99 |
| 2022 | 6 | 6.75 |
| 2021 | 13 | 7.95 |
| 2020 | 14 | 7.53 |
| 2019 | 4 | 8.13 |
| 2018 | 11 | 6.60 |
It may take a day or so for new Qts vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent QNAP Qts Security Vulnerabilities
Cmd Injection in QTS 5.2.9 (pre-20260507) & QuTS hero (pre-20260514)
CVE-2026-24719
- June 10, 2026
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3492 build 20260507 and later QuTS hero h5.2.9.3499 build 20260514 and later
Shell injection
QNAP QTS/QuTS Hero path traversal CVE-2026-24717 before 5.2.9.3492
CVE-2026-24717
- June 10, 2026
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3492 build 20260507 and later QuTS hero h5.2.9.3499 build 20260514 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3459 build 20260409 and later
Directory traversal
QNAP QTS DoS via NULL ptr in 5.2.9.3492+
CVE-2026-24716
- June 10, 2026
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3492 build 20260507 and later QuTS hero h5.2.9.3499 build 20260514 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3459 build 20260409 and later
NULL Pointer Dereference
CmdInject in QNAP QTS/QuTS before 5.2.9.3410
CVE-2026-22893
- June 10, 2026
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3459 build 20260409 and later
Shell injection
QNAP QTS Null Ptr Deref DoS (pre 5.2.9.3410, fixed in 5.2.9.3410)
CVE-2025-66281
- June 10, 2026
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3397 build 20260206 and later
NULL Pointer Dereference
QNAP QTS/QuTS Integer Overflow (Admin) CVE-2025-66280 Fixed v5.2.9.3410+
CVE-2025-66280
- June 10, 2026
An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3397 build 20260206 and later
Integer Overflow or Wraparound
Command Injection in QNAP QTS/QuTS Hero (5.2.9.3410, 5.3.4.3500)
CVE-2025-66279
- June 10, 2026
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3397 build 20260206 and later
Shell injection
QTS/QuTS Hero cmd injection CVE-2025-66273 before 5.2.9.3410
CVE-2025-66273
- June 10, 2026
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3397 build 20260206 and later
Shell injection
QNAP CVE-2025-59382 Fix Implemented
CVE-2025-59382
- June 10, 2026
QTS, QuTS hero, QuTScloud are not affected. We have already fixed the vulnerability in the following version:
Assumed-Immutable Parameter Tampering
Buffer Overflow in QNAP OS (pre-5.2.9.3410, pre-5.3.4.3500, pre-6.0.0.3397)
CVE-2025-62858
- June 09, 2026
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3397 build 20260206 and later
Stack Overflow
XSS in QNAP QTS/QuTS hero before 5.2.9.3492
CVE-2026-41539
- June 09, 2026
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3492 build 20260507 and later QuTS hero h5.2.9.3499 build 20260514 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3500 build 20260520 and later
XSS
Command Injection in QTS / QuTS OS before 5.1.9.2954 (fixed in 5.2.3.3006)
CVE-2024-14026
- March 11, 2026
A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker who has gained local network access has also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.3.3006 build 20250108 and later
Shell injection
QNAP QTS <=5.2.8.3332 NULL PTR DoS Vulnerability
CVE-2025-47205
- February 11, 2026
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later
NULL Pointer Dereference
QTS 5.2.8.3332 Build DoS via Uninitialized Variable
CVE-2025-58466
- February 11, 2026
A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to cause denial-of-service conditions or modify control flow in unexpected ways. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later
Use of Uninitialized Variable
QNAP QuTS hero OS <=5.3.2.3354 NULL Pointer DoS
CVE-2025-66274
- February 11, 2026
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.2.3354 build 20251225 and later QuTS hero h6.0.0.3397 build 20260206 and later
NULL Pointer Dereference
QNAP QTS/QuTS Hero: Link Following Path Traversal (pre-5.2.8/5.3.2)
CVE-2025-66277
- February 11, 2026
A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3350 build 20251216 and later QuTS hero h5.3.2.3354 build 20251225 and later QuTS hero h5.2.8.3350 build 20251216 and later
insecure temporary file
Buffer Overflow in QTS 5.2.8.3332 (QNAP) Exposes Admin Remote Exploit
CVE-2025-62852
- January 02, 2026
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QTS 5.2.8.3332 build 20251128 and later
Stack Overflow
QNAP QTS 5.2.8.3332 Path Traversal Allowing Admin File Read
CVE-2025-59381
- January 02, 2026
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later QuTS hero h5.3.2.3354 build 20251225 and later
Directory traversal
Buffer Overflow in QTS before 5.2.8.3332 Remote Exploit via Admin
CVE-2025-48721
- January 02, 2026
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QTS 5.2.8.3332 build 20251128 and later
Classic Buffer Overflow
QTS 5.2.7.3256 NULL Pointer DoS Admin Remote Exploit
CVE-2025-53590
- January 02, 2026
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later
NULL Pointer Dereference
QNAP QTS 5.2.7 Auth Bypass via Spoofing (fixed 5.2.7.3297)
CVE-2025-59385
- December 16, 2025
An authentication bypass by spoofing vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to access resources which are not otherwise accessible without proper authentication. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later
Authentication Bypass by Spoofing
Command Injection: QNAP QTS 5.2.7.3297 & QuTS hero 5.3.1
CVE-2025-62847
- December 16, 2025
An improper neutralization of argument delimiters in a command vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to alter execution logic. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later
Argument Injection
QNAP QTS/QuTS Hero Null Pointer DoS (pre 5.3.1.3292)
CVE-2025-62848
- December 16, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later
NULL Pointer Dereference
SQL Injection in QNAP QTS/QuTS Hero <5.2.7.3297
CVE-2025-62849
- December 16, 2025
An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later
SQL Injection
QNAP QTS Format String Vulnerability v5.2.6.3195 Remote Exploit
CVE-2025-53407
- October 03, 2025
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
Use of Externally-Controlled Format String
Format String in QTS/QuTS hero 5.2.6.3195 Allows Remote Data Leak
CVE-2025-53406
- October 03, 2025
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
Use of Externally-Controlled Format String
QNAP QTS/QuTS hero 5.2.6.3195 NPD Remote Admin DoS
CVE-2025-52866
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP QTS/QuTS hero NULL ptr DoS before 5.2.6.3195
CVE-2025-52862
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP QTS/QuTS hero NULL Ptr Deref DoS before 5.2.6.3195
CVE-2025-52860
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP QTS 5.2.6.3195: NULL ptr DoS Remote Attacker
CVE-2025-52859
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
NULL Pointer Deref in QNAP QTS & QuTS hero 5.2.6.3195 Before build 20250715 DoS
CVE-2025-52858
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP QTS/QuTS hero NULL ptr deref DoS pre 5.2.6.3195
CVE-2025-52857
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP QTS/QuTS Hero Remote Admin Null Ptr Deref DoS - fixed 5.2.6.3195
CVE-2025-52855
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QTS QNAP OS NPE DoS (5.2.6.3195) Remote Admin
CVE-2025-52854
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP OS QTS/QuTS hero DoS via NULL ptr in pre-5.2.6.3195
CVE-2025-52853
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
NULL PTR DoS in QNAP QTS 5.2.6.3195 & QuTS Hero 5.2.6.3195
CVE-2025-52433
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
CVE-2025-52432: Null Pointer Deref in QNAP QTS/QuTS hero OS DoS (fixed 5.2.6.3195+/5.3.0.3192+)
CVE-2025-52432
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later QuTS hero h5.3.0.3192 build 20250716 and later
NULL Pointer Dereference
Format String Vulnerability in QTS 5.2.6.3195+ (CVE-2025-52429)
CVE-2025-52429
- October 03, 2025
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
Use of Externally-Controlled Format String
QTS NULL Pointer Deref DoS in <=5.2.6.3194, Fixed 5.2.6.3195
CVE-2025-52428
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP QTS/QuTS hero 5.2.x NULL Pointer DoS Vulnerability
CVE-2025-52427
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QTS 5.2.6.3195 NULL ptr DoS after admin takeover
CVE-2025-52424
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
External Format String issue in QNAP QTS/QuTS <5.2.6.3195 (pre-5.2.6.3195)
CVE-2025-48730
- October 03, 2025
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
Use of Externally-Controlled Format String
QNAP QTS/QuTS hero NULL PTR DoS prior 5.2.6.3195
CVE-2025-48729
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP QTS Null Ptr DoS before 5.2.6.3195
CVE-2025-48728
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP OS NULL Pointer DoS (QTS 5.2.6.3195+, QuTS hero h5.2.6.3195+)
CVE-2025-48727
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QTS <5.2.6.3195: NULL ptr deref DoS via admin
CVE-2025-48726
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP QTS 5.2.6.3195 NULL PTR Deref DoS
CVE-2025-47214
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP QTS/QuTS NULL Pointer DoS (remote admin) before 5.2.6.3195
CVE-2025-47213
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
Command Injection Remote Exec in QNAP QTS/QuTS hero <5.2.6.3195
CVE-2025-47212
- October 03, 2025
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
Shell injection
Path Traversal in QTS 5.2.6.3195 (QNAP) admin reads arbitrary files
CVE-2025-47211
- October 03, 2025
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
Directory traversal