QSearchQSearch

CVE-2025-66279

A command injection vulnerability has been reported to affect several QNAP operating system versions

Published: 2026-06-10 · Last updated: 2026-06-10

Severity and scoring

CWE
CWE-78

Description

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3397 build 20260206 and later

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-24719 A command injection vulnerability has been reported to affect several QNAP operating system versions
  • CVE-2026-22893 A command injection vulnerability has been reported to affect several QNAP operating system versions
  • CVE-2025-66273 A command injection vulnerability has been reported to affect several QNAP operating system versions
  • CVE-2026-49959 Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitr... (8.8 HIGH)
  • CVE-2026-25089 A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0... (9.8 CRITICAL)