{"cve":{"cve_id":"CVE-2026-24717","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00392,"epss_percentile":0.3089,"epss_as_of":"2026-06-23","description":"A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.9.3492 build 20260507 and later\nQuTS hero h5.2.9.3499 build 20260514 and later\nQuTS hero h5.3.4.3500 build 20260520 and later\nQuTS hero h6.0.0.3459 build 20260409 and later","published_at":"2026-06-10T03:14:46.063000Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":5.1,"cvss_v4_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N","cvss_v4_severity":"MEDIUM","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-22"],"nvd_references":["https://www.qnap.com/en/security-advisory/qsa-26-34"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:29:21.829759Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"N","value_label":"None"},{"metric":"PR","name":"Privileges Required","value":"H","value_label":"High"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"L","value_label":"Low"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"N","value_label":"None"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"N","value_label":"None"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"N","value_label":"None"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"N","value_label":"None"},{"metric":"SA","name":"Availability (Subsequent System)","value":"N","value_label":"None"}]},"affected":[{"vendor_slug":"qnap-systems-inc.","vendor_name":"QNAP Systems Inc.","product_slug":"qts","product_name":"QTS","version_start":"5.2.0","version_start_inclusive":true,"version_end":"5.2.9.3492 build 20260507","version_end_inclusive":false,"cpe23_uri":"cve5:qnap-systems-inc.:qts:5.2.0:5.2.9.3492 build 20260507"},{"vendor_slug":"qnap-systems-inc.","vendor_name":"QNAP Systems Inc.","product_slug":"quts-hero","product_name":"QuTS hero","version_start":"h5.2.0","version_start_inclusive":true,"version_end":"h5.2.9.3499 build 20260514","version_end_inclusive":false,"cpe23_uri":"cve5:qnap-systems-inc.:quts-hero:h5.2.0:h5.2.9.3499 build 20260514"},{"vendor_slug":"qnap-systems-inc.","vendor_name":"QNAP Systems Inc.","product_slug":"quts-hero","product_name":"QuTS hero","version_start":"h5.3.0","version_start_inclusive":true,"version_end":"h5.3.4.3500 build 20260520","version_end_inclusive":false,"cpe23_uri":"cve5:qnap-systems-inc.:quts-hero:h5.3.0:h5.3.4.3500 build 20260520"},{"vendor_slug":"qnap-systems-inc.","vendor_name":"QNAP Systems Inc.","product_slug":"quts-hero","product_name":"QuTS hero","version_start":"?","version_start_inclusive":true,"version_end":"h6.0.0.3459 build 20260409","version_end_inclusive":false,"cpe23_uri":"cve5:qnap-systems-inc.:quts-hero:?:h6.0.0.3459 build 20260409"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.qnap.com/en/security-advisory/qsa-26-34","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2026-06-10T03:14:46.063000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:51:59.897730Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:51:59.897730Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:51:59.897730Z","label":"CVSS score revised","source":"cvelistv5"}]}