vulnerability

QNAP QTS: CVE-2022-27596: Vulnerability in QTS and QuTS hero

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Jan 30, 2023	Aug 4, 2025	Oct 16, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Jan 30, 2023

Added

Aug 4, 2025

Modified

Oct 16, 2025

Description

A vulnerability has been reported to affect QNAP devices running QTS 5.0.1 and QuTS hero h5.0.1. If exploited, this vulnerability allows remote attackers to inject malicious code. QTS 5.0.0, QTS 4.x.x, QuTS hero 5.0.0 and QuTS hero 4.5.x are not affected. We have already fixed this vulnerability in the following operating system versions: QTS 5.0.1.2234 build 20221201 and later QuTS hero h5.0.1.2248 build 20221215 and later

Solution

qnap-qts-upgrade-latest

References

CWE-89
CVE-2022-27596
https://attackerkb.com/topics/CVE-2022-27596
URL-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27596
URL-https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-27596
URL-https://www.qnap.com/en-uk/security-advisory/QSA-23-01

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today