Primary

Context

QNAP Qfinder Pro, Qsync, and QVPN Device Client Path Traversal Vulnerability

Vulnerability

Patched

A path traversal vulnerability exists in QNAP Qfinder Pro, Qsync, and QVPN Device Client for Mac, specifically in versions prior to the fixed releases. This vulnerability allows local attackers with user accounts to access and read unintended files or system data. The issue has been resolved in Qfinder Pro Mac 7.13.0 and later, Qsync for Mac 5.1.5 and later, and QVPN Device Client for Mac 2.2.8 and later.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive files or system data.

Remediation

Users are advised to update to the latest versions of Qfinder Pro, Qsync, and QVPN Device Client for Mac. The latest updates can be found on the QNAP Utilities page.

Added: Jan 2, 2026, 4:27 PM

Updated: Jan 2, 2026, 4:55 PM

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

2.5

exploitability

3.3

remediation

7.7

relevance

1.8

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

2.5

exploitability

3.3

remediation

7.7

relevance

1.8

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

QNAP Qfinder Pro, Qsync, and QVPN Device Client Path Traversal Vulnerability

Vulnerability

Impact

Remediation

Affected Products

QNAP Qfinder Pro

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating