QuMagie: Missing Auth Unauth Data Access, fixed v2.9.0
CVE-2026-26237 Published on June 10, 2026
QuMagie
A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions.
We have already fixed the vulnerability in the following version:
QuMagie 2.9.0 and later
Weakness Types
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2026-26237 has been classified to as an AuthZ vulnerability or weakness.
What is a Privacy violation Vulnerability?
The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.
CVE-2026-26237 has been classified to as a Privacy violation vulnerability or weakness.
Products Associated with CVE-2026-26237
Want to know whenever a new CVE is published for QNAP Qumagie? stack.watch will email you.
Affected Versions
QNAP Systems Inc. QuMagie:- Version 2.9.0 and below 2.9.0 is affected.