Synology Safe Access Cross-Site Scripting Vulnerability Allowing File Manipulation or Limited Denial-of-Service

Vulnerability

A cross-site scripting vulnerability has been identified in Synology Safe Access versions prior to 1.3.1-0329. This issue allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information. Additionally, it enables the execution of limited denial-of-service attacks within the SRM environment.

Impact

Exploitation of this vulnerability could lead to cross-site scripting, allowing for the injection of malicious scripts that could be executed in the context of the user's browser. This could also result in unauthorized reading or writing of certain files, as well as causing limited denial-of-service disruptions in SRM.

Remediation

Users are advised to upgrade to Synology Safe Access version 1.3.1-0329 or above.

Added: May 27, 2026, 9:44 AM
Updated: May 27, 2026, 9:44 AM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 5.4
exploitability: 4.1
remediation: 7.7
relevance: 9.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.