CNNVD-202602-1951 Information
CNNVD ID
CNNVD-202602-1951
Related CVE
- CNNVD Published: 2026-02-11
Description (Chinese)
QNAP Systems QTS和QNAP Systems QuTS hero都是中国台湾威联通科技(QNAP Systems)公司的一个具有数据存储与管理功能的软件。 QNAP Systems QTS 5.2.8.3350之前版本和QNAP Systems QuTS hero h5.3.2.3354之前版本、h5.2.8.3350之前版本存在后置链接漏洞,该漏洞源于存在链接跟随漏洞,可能导致远程攻击者遍历文件系统。
Description (English)
QNAP Systems QTS and QNAP Systems QTS Hero are both software with data storage and management functions at QNAP Systems. Pre-QNAP Systems QTS 5.2.8.3350 and pre-QNAP Systems Quts hero h5.3.3.2.3354 and pre-h5.2.8.3350 have a backlink loophole, which stems from the existence of a link following a loophole that may cause remote attackers to cross the file system.
Vulnerability Type
后置链接
Affected Vendor
威联通科技
Published
2026-02-11
Last Modified
2026-02-24
References
https://www.qnap.com/en/security-advisory/qsa-26-05 https://access.redhat.com/security/cve/cve-2025-66277
Patch
https://www.qnap.com/en/security-advisory/qsa-26-05
Share on: