QuMagie <2.9.1 Auth Bypass via User-Controlled Key
CVE-2026-44083 Published on June 9, 2026

QuMagie
An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later

NVD

Weakness Type

What is an Insecure Direct Object Reference / IDOR Vulnerability?

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

CVE-2026-44083 has been classified to as an Insecure Direct Object Reference / IDOR vulnerability or weakness.

Products Associated with CVE-2026-44083

Want to know whenever a new CVE is published for QNAP Qumagie? stack.watch will email you.

QNAP Qumagie

Affected Versions

QNAP Systems Inc. QuMagie:

Version 2.9.0 and below 2.9.1 is affected.

QuMagie <2.9.1 Auth Bypass via User-Controlled KeyCVE-2026-44083 Published on June 9, 2026

Weakness Type

What is an Insecure Direct Object Reference / IDOR Vulnerability?

Products Associated with CVE-2026-44083

Affected Versions

QuMagie <2.9.1 Auth Bypass via User-Controlled Key
CVE-2026-44083 Published on June 9, 2026