Missing Auth on Critical Function in QVR Pro before 2.7.4.14
CVE-2026-22898 Published on March 20, 2026
QVR Pro
A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system.
We have already fixed the vulnerability in the following version:
QVR Pro 2.7.4.14 and later
Weakness Type
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Products Associated with CVE-2026-22898
Want to know whenever a new CVE is published for QNAP Qvr Pro? stack.watch will email you.
Affected Versions
QNAP Systems Inc. QVR Pro:- Version 2.7.x and below 2.7.4.14 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.