CVE-2025-66281
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions
Published: 2026-06-10 · Last updated: 2026-06-10
Severity and scoring
- CWE
- CWE-476
Description
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3397 build 20260206 and later
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-24716 — A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions
- CVE-2026-22899 — A NULL pointer dereference vulnerability has been reported to affect File Station 6
- CVE-2025-62850 — A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions
- CVE-2026-45541 — ESF-IDF is the Espressif Internet of Things (IOT) Development Framework (7.5 HIGH)
- CVE-2026-9752 — An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollect... (6.5 MEDIUM)