Command Injection in Media Streaming Add-on <=500.1.1.5
CVE-2024-56808 Published on February 11, 2026

Media Streaming add-on
A command injection vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later

NVD

Weakness Type

What is a Shell injection Vulnerability?

The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVE-2024-56808 has been classified to as a Shell injection vulnerability or weakness.

Affected Versions

QNAP Systems Inc. Media Streaming add-on:

Version 500.1.x and below 500.1.1.6 ( 2024/08/02 ) is affected.

Exploit Probability

EPSS

0.05%

Percentile

14.30%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Command Injection in Media Streaming Add-on <=500.1.1.5CVE-2024-56808 Published on February 11, 2026

Weakness Type

What is a Shell injection Vulnerability?

Affected Versions

Exploit Probability

Command Injection in Media Streaming Add-on <=500.1.1.5
CVE-2024-56808 Published on February 11, 2026