Primary

Context

Synology Hyper Backup Path Traversal Vulnerability in Backup.Repository WebAPI Component

Vulnerability

Patched

A path traversal vulnerability has been identified in the Backup.Repository web API component of Synology Hyper Backup, affecting versions prior to 4.1.2-4036. This vulnerability allows remote authenticated users with administrator privileges to write specific files containing non-sensitive information to restricted directories, through unspecified vectors.

Impact

Exploitation of this vulnerability could lead to unauthorized file writing in restricted directories, potentially allowing for further exploitation or manipulation of the application or system.

Added: Jun 3, 2026, 2:23 PM

Updated: Jun 3, 2026, 2:23 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.2

exploitability

4.8

remediation

0.0

relevance

9.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.2

exploitability

4.8

remediation

0.0

relevance

9.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Synology Hyper Backup Path Traversal Vulnerability in Backup.Repository WebAPI Component

Vulnerability

Impact

Affected Products

Synology Hyper Backup

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating