QNAP Media Streaming Add-on Command Injection Vulnerability

Vulnerability

A command injection vulnerability exists in the QNAP Media Streaming add-on versions 500.1.x. This vulnerability allows an attacker with local network access and a user account to execute arbitrary commands on the affected system.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of commands on the system where the Media Streaming add-on is installed.

Remediation

Users are advised to update the Media Streaming add-on to version 500.1.1.6 or later. Instructions for updating the add-on are available on the QNAP website.

Added: Feb 11, 2026, 1:42 PM
Updated: Feb 11, 2026, 5:24 PM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 7.5
exploitability: 3.5
remediation: 7.7
relevance: 2.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.