CVE-2024-14026
QTS, QuTS hero
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.3.3006 build 20250108 and later
| CWE | CWE-78 |
| Vendor | qnap systems inc. |
| Product | qts |
| Published | Mar 11, 2026 |
| Last Updated | Mar 12, 2026 |
Stay Ahead of the Next One
Get instant alerts for qnap systems inc. qts
Be the first to know when new unknown vulnerabilities affecting qnap systems inc. qts are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
QNAP Systems Inc. / QTS
5.1.x < 5.1.9.2954 build 20241120 5.2.x < 5.2.3.3006 build 20250108
QNAP Systems Inc. / QuTS hero
h5.1.x < h5.1.9.2954 build 20241120 h5.2.x < h5.2.3.3006 build 20250108