Primary

Context

QNAP File Station 5 Static Code Injection Vulnerability Allowing Access to Restricted Data

Vulnerability

A static code injection vulnerability has been identified in QNAP File Station 5 versions 5.5.x. This vulnerability allows remote attackers with user account access to inject directives into statically saved code, potentially leading to unauthorized access to restricted data or files.

Impact

Exploitation of this vulnerability could result in unauthorized access to restricted data or files.

Remediation

Users are advised to update QNAP File Station 5 to version 5.5.6.5190 or later.

Added: Feb 11, 2026, 1:25 PM

Updated: Feb 11, 2026, 4:10 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

0.0

relevance

2.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

0.0

relevance

2.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

QNAP File Station 5 Static Code Injection Vulnerability Allowing Access to Restricted Data

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating