QNAP File Station <=5.5.6.5243 Auth Bypass via Wrong Authorization
CVE-2026-24724 Published on June 10, 2026
File Station 5
An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restrictions.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5243 and later
Weakness Type
What is an AuthZ Vulnerability?
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CVE-2026-24724 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2026-24724
Want to know whenever a new CVE is published for QNAP File Station? stack.watch will email you.
Affected Versions
QNAP Systems Inc. File Station 5:- Version 5.5.0 and below 5.5.6.5243 is affected.