HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2026-22897

CVSS 8.1v4.0pub. 2026-03-20upd. 2026-03-25

A command injection vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.4.0415 and later

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Qnap Qunetswitch

    APP
    Qnap
    2.0.1.13077 – 2.0.4.0415 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2021-28813CRITICAL9.6ten sam produkt

A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2...

CVE-2026-22900MEDIUM6.8ten sam produkt

A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote attackers ca...

CVE-2026-22901MEDIUM6.3ten sam produkt

A command injection vulnerability has been reported to affect QuNetSwitch. If a remote attacker gains a user a...

CVE-2026-22902MEDIUM5.7ten sam produkt

A command injection vulnerability has been reported to affect QuNetSwitch. If a local attacker gains an admini...

CVE-2022-27593CRITICAL10.0⚠ KEVten sam vendor

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Ph...