Primary

Context

QNAP QTS and QuTS hero Uninitialized Variable Vulnerability Leading to Denial-of-Service

Vulnerability

Patched

A vulnerability allowing the use of uninitialized variables has been identified in QNAP's QTS and QuTS hero operating systems, specifically in versions 5.2.x. This vulnerability can be exploited by remote attackers who gain access to an administrator account, leading to denial-of-service conditions or unexpected modifications in control flow.

Impact

Exploitation of this vulnerability can cause denial-of-service conditions or allow for unexpected modifications in control flow.

Remediation

Users can update to QTS 5.2.8.3350 build 20251216 or QuTS hero h5.2.8.3350 build 20251216. Instructions for updating QTS or QuTS hero are available on the QNAP website.

Added: Feb 11, 2026, 1:44 PM

Updated: Feb 11, 2026, 5:12 PM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

3.1

exploitability

6.3

remediation

0.0

relevance

3.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

3.1

exploitability

6.3

remediation

0.0

relevance

3.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

QNAP QTS and QuTS hero Uninitialized Variable Vulnerability Leading to Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

QNAP QTS

QNAP QuTS hero

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating