HIGH✓ PATCH🇬🇧 English

CVE-2026-26237

CVSS 8.7v4.0pub. 2026-06-10upd. 2026-06-12

A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Qnap Qumagie

    APP
    Qnap
    < 2.9.0
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2025-52425CRITICAL9.5PL ✓ten sam produkt

SQL Injection w QNAP QuMagie umożliwiający zdalne wykonanie kodu

CVE-2026-26236HIGH8.7ten sam produkt

A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then explo...

CVE-2026-44083HIGH8.7ten sam produkt

An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The rem...

CVE-2025-58464HIGH7.8ten sam produkt

A relative path traversal vulnerability has been reported to affect QuMagie. If a remote attacker, they can th...

CVE-2023-47560HIGH7.4ten sam produkt

An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability cou...

CVE-2026-26237 — HIGH 8.7 | CVEbaza.pl