QNAP Qumagie
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in QNAP Qumagie.
By the Year
In 2026 there have been 3 vulnerabilities in QNAP Qumagie. Last year, in 2025 Qumagie had 2 security vulnerabilities published. That is, 1 more vulnerability have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 3 | 0.00 |
| 2025 | 2 | 0.00 |
| 2024 | 4 | 7.70 |
| 2023 | 3 | 8.80 |
It may take a day or so for new Qumagie vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent QNAP Qumagie Security Vulnerabilities
QuMagie: Missing Auth Unauth Data Access, fixed v2.9.0
CVE-2026-26237
- June 10, 2026
A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later
AuthZ
QuMagie <2.9.1 Auth Bypass via User-Controlled Key
CVE-2026-44083
- June 09, 2026
An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later
Insecure Direct Object Reference / IDOR
Missing Auth in QuMagie 2.9.0 Fixed (CVE-2026-26236)
CVE-2026-26236
- June 09, 2026
A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later
AuthZ
SQLi in QuMagie <2.7.0 Unauthenticated Remote Code Exec
CVE-2025-52425
- November 07, 2025
An SQL injection vulnerability has been reported to affect QuMagie. A remote attacker can exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QuMagie 2.7.0 and later
SQL Injection
QuMagie <2.7.3 Path Traversal CVE-2025-58464
CVE-2025-58464
- November 07, 2025
A relative path traversal vulnerability has been reported to affect QuMagie. If a remote attacker, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: QuMagie 2.7.3 and later
Relative Path Traversal
Improper Cert Validation in QuMagie <2.3.1 Enables Local Network Abuse
CVE-2024-38642
7.8 - High
- September 06, 2024
An improper certificate validation vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow local network users to compromise the security of the system via unspecified vectors. We have already fixed the vulnerability in the following version: QuMagie 2.3.1 and later
Improper Certificate Validation
SQL Injection in QuMagie (before 2.2.1) Authenticated Network Exploit
CVE-2023-47219
8.8 - High
- January 05, 2024
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later
SQL Injection
QuMagie 2.2.1 Fixed: Authenticated OS Command Injection via Network
CVE-2023-47560
8.8 - High
- January 05, 2024
An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later
Shell injection
Authenticated XSS in QuMagie < 2.2.1 (fixed in 2.2.1)
CVE-2023-47559
5.4 - Medium
- January 05, 2024
A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later
XSS
SQLi Vulnerability in QuMagie <2.1.4 via Authenticated Network Access
CVE-2023-41285
8.8 - High
- November 10, 2023
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later
QuMagie SQLi for Authenticated Users (pre-2.1.4)
CVE-2023-41284
8.8 - High
- November 10, 2023
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later
QuMagie OS Command Injection (V5) Authenticated Nwk Exec Fixed in 2.1.3
CVE-2023-39295
8.8 - High
- November 10, 2023
An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.3 and later
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for QNAP Qumagie or by QNAP? Click the Watch button to subscribe.
