Qnapsystemsinc Qts
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Qnapsystemsinc Qts.
By the Year
In 2026 there have been 22 vulnerabilities in Qnapsystemsinc Qts. Last year, in 2025 Qts had 4 security vulnerabilities published. That is, 18 more vulnerabilities have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 22 | 0.00 |
| 2025 | 4 | 0.00 |
It may take a day or so for new Qts vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Qnapsystemsinc Qts Security Vulnerabilities
QNAP QTS 5.2.8.3332 Path Traversal Allowing Admin File Read
CVE-2025-59381
- January 02, 2026
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later
Directory traversal
QTS 5.2.8.3332+ Path Traversal Enables Admin File Read
CVE-2025-59380
- January 02, 2026
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later
Directory traversal
QNAP QTS/QuTS Hero Info Disclosure (before 5.2.8.3332)
CVE-2025-9110
- January 02, 2026
An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later QuTS hero h5.3.1.3250 build 20250912 and later
Exposure of Sensitive System Information to an Unauthorized Control Sphere
QNAP QTS/QuTS hero: Resource Allocation Bypass (CVE-2025-57705)
CVE-2025-57705
- January 02, 2026
An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later
Allocation of Resources Without Limits or Throttling
QNAP OS OOB Read CVE-2025-54166 (Fixed in QTS 5.2.7.3256+ / QuTS hero 5.2.7.3256+)
CVE-2025-54166
- January 02, 2026
An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later
Out-of-bounds Read
OOB Read in QNAP QTS <5.2.7.3256 & QuTS Hero <5.3.1.3250 Remote Data Leak
CVE-2025-54165
- January 02, 2026
An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later
Out-of-bounds Read
Out-of-Bounds Read in QNAP QTS before 5.2.7.3256/QuTS hero before 5.3.1.3250
CVE-2025-54164
- January 02, 2026
An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later
Out-of-bounds Read
QNAP QTS NULL Pointer DoS via Remote Admin (Fixed v5.2.7.3256+)
CVE-2025-53596
- January 02, 2026
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later
NULL Pointer Dereference
QNAP QTS/QuTS hero Buffer Overflow Fixed in 5.2.7.3256
CVE-2025-53593
- January 02, 2026
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later
Stack Overflow
QNAP QTS/QuTS Hero NULL_PTR DoS v before 5.2.7.3256/5.3.1.3250
CVE-2025-53592
- January 02, 2026
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later
NULL Pointer Dereference
QTS Format String Vulnerability (CVE-2025-53591) Fixed in 5.2.7.3256
CVE-2025-53591
- January 02, 2026
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later
Use of Externally-Controlled Format String
QNAP QTS Null Pointer DoS (before 5.2.7.3256)
CVE-2025-53589
- January 02, 2026
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later
NULL Pointer Dereference
QNAP QTS/QuTS NULL ptr DoS CVE-2025-53414 fixed 5.2.7.3256/5.3.1.3250
CVE-2025-53414
- January 02, 2026
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later
NULL Pointer Dereference
QTS <5.2.7.3256 Null Pointer DoS via Remote Admin
CVE-2025-53405
- January 02, 2026
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later
NULL Pointer Dereference
QNAP QTS/QuTS hero Buffer Overflow CVE-2025-52872 (pre-5.3.0.3192)
CVE-2025-52872
- January 02, 2026
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.0.3192 build 20250716 and later
Classic Buffer Overflow
Buffer Overflow in QNAP QTS/QuTS hero before 5.2.7.3256
CVE-2025-52864
- January 02, 2026
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.0.3192 build 20250716 and later
Classic Buffer Overflow
QNAP QTS/QuTS Hero BF Overflow (Pre-5.2.7/5.3.0)
CVE-2025-52863
- January 02, 2026
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.0.3192 build 20250716 and later
Classic Buffer Overflow
QNAP QTS 5.2.7.3256+ QuTS 5.3.1+ Null Pointer Deref DoS
CVE-2025-52431
- January 02, 2026
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later
NULL Pointer Dereference
QNAP QTS/QuTS hero NullPointer DoS (before 5.2.7.3256)
CVE-2025-52430
- January 02, 2026
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later
NULL Pointer Dereference
Null Pointer Deref in QNAP QTS 5.2.x / QuTS Hero 5.3.x DoS
CVE-2025-52426
- January 02, 2026
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later
NULL Pointer Dereference
QNAP QTS Resource Allocation DoS (before 5.2.6, fixed 5.2.6.3195)
CVE-2025-47208
- January 02, 2026
An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
Allocation of Resources Without Limits or Throttling
QNAP QTS/QuTS Hero NULL ptr deref DoS (before 5.2.6.3195)
CVE-2025-44013
- January 02, 2026
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP QTS 5.2.7 Auth Bypass via Spoofing (fixed 5.2.7.3297)
CVE-2025-59385
- December 16, 2025
An authentication bypass by spoofing vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to access resources which are not otherwise accessible without proper authentication. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later
Authentication Bypass by Spoofing
Command Injection: QNAP QTS 5.2.7.3297 & QuTS hero 5.3.1
CVE-2025-62847
- December 16, 2025
An improper neutralization of argument delimiters in a command vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to alter execution logic. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later
Argument Injection
QNAP QTS/QuTS Hero Null Pointer DoS (pre 5.3.1.3292)
CVE-2025-62848
- December 16, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later
NULL Pointer Dereference
SQL Injection in QNAP QTS/QuTS Hero <5.2.7.3297
CVE-2025-62849
- December 16, 2025
An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later
SQL Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Qnapsystemsinc Qts or by Qnapsystemsinc? Click the Watch button to subscribe.
