CVE-2026-22900: QuNetSwitch 2.0.5.0906 Fixed Hard-Coded Credentials
CVE-2026-22900 Published on March 20, 2026

QuNetSwitch
A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to gain unauthorized access. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later

NVD

Weakness Type

Use of Hard-coded Credentials

The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

Affected Versions

QNAP Systems Inc. QuNetSwitch:

Version 2.0.x and below 2.0.5.0906 is affected.

Exploit Probability

EPSS

0.17%

Percentile

38.60%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2026-22900: QuNetSwitch 2.0.5.0906 Fixed Hard-Coded CredentialsCVE-2026-22900 Published on March 20, 2026

Weakness Type

Use of Hard-coded Credentials

Affected Versions

Exploit Probability

CVE-2026-22900: QuNetSwitch 2.0.5.0906 Fixed Hard-Coded Credentials
CVE-2026-22900 Published on March 20, 2026