← Back

CVE-2026-41539

nvd nist
Published: Jun 9, 2026Modified: Jun 12, 2026

JSON object

Loading...
8.7
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: security@qnapsecurity.com.tw (Secondary)

Description

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3492 build 20260507 and later QuTS hero h5.2.9.3499 build 20260514 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3500 build 20260520 and later

Affected (56)

Products: Qnap: Qts, Quts Hero
Qnap
2 products
Qts
Quts Hero
Configuration A
23 vulnerable
Vulnerable SoftwareAffected Versions
Qnap
Qts
Version 5.2.0.2737 build_20240417
Qts
Version 5.2.0.2744 build_20240424
Qts
Version 5.2.0.2782 build_20240601
Qts
Version 5.2.0.2802 build_20240620
Qts
Version 5.2.0.2823 build_20240711
Qts
Version 5.2.0.2851 build_20240808
Qts
Version 5.2.0.2860 build_20240817
Qts
Version 5.2.1.2930 build_20241025
Qts
Version 5.2.2.2950 build_20241114
Qts
Version 5.2.3.3006 build_20250108
Qts
Version 5.2.4.3070 build_20250312
Qts
Version 5.2.4.3079 build_20250321
Qts
Version 5.2.4.3092 build_20250403
Qts
Version 5.2.5.3145 build_20250526
Qts
Version 5.2.6.3195 build_20250715
Qts
Version 5.2.6.3229 build_20250818
Qts
Version 5.2.7.3256 build_20250913
Qts
Version 5.2.7.3297 build_20251024
Qts
Version 5.2.8.3332 build_20251128
Qts
Version 5.2.8.3350 build_20251216
Qts
Version 5.2.8.3359 build_20251225
Qts
Version 5.2.9.3410 build_20260214
Qts
Version 5.2.9.3451 build_20260327
Configuration B
33 vulnerable
Vulnerable SoftwareAffected Versions
Qnap
Quts Hero
Version h5.2.0.2737 build_20240417
Quts Hero
Version h5.2.0.2782 build_20240601
Quts Hero
Version h5.2.0.2789 build_20240607
Quts Hero
Version h5.2.0.2802 build_20240620
Quts Hero
Version h5.2.0.2823 build_20240711
Quts Hero
Version h5.2.0.2851 build_20240808
Quts Hero
Version h5.2.0.2860 build_20240817
Quts Hero
Version h5.2.1.2929 build_20241025
Quts Hero
Version h5.2.1.2940 build_20241105
Quts Hero
Version h5.2.2.2952 build_20241116
Quts Hero
Version h5.2.3.3006 build_20250108
Quts Hero
Version h5.2.4.3070 build_20250312
Quts Hero
Version h5.2.4.3079 build_20250321
Quts Hero
Version h5.2.5.3138 build_20250519
Quts Hero
Version h5.2.6.3195 build_20250715
Quts Hero
Version h5.2.7.3256 build_20250913
Quts Hero
Version h5.2.7.3297 build_20251024
Quts Hero
Version h5.2.8.3321 build_20251117
Quts Hero
Version h5.2.8.3350 build_20251216
Quts Hero
Version h5.2.8.3359 build_20251225
Quts Hero
Version h5.2.9.3410 build_20260214
Quts Hero
Version h5.2.9.3492 build_20260507
Quts Hero
Version h5.3.0.3115 build_20250430
Quts Hero
Version h5.3.0.3145 build_20250530
Quts Hero
Version h5.3.0.3192 build_20250716
Quts Hero
Version h5.3.1.3250 build_20250912
Quts Hero
Version h5.3.1.3292 build_20251024
Quts Hero
Version h5.3.2.3354 build_20251225
Quts Hero
Version h5.3.3.3424 build_20260305
Quts Hero
Version h6.0.0.3324 build_20251125
Quts Hero
Version h6.0.0.3382 build_20260122
Quts Hero
Version h6.0.0.3397 build_20260206
Quts Hero
Version h6.0.0.3459 build_20260409

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (1)

Source: security@qnapsecurity.com.tw
Broken Link

Timeline

No history available yet.