Primary

Context

QNAP Authentication Bypass Vulnerability Allowing Unauthorized Access to Resources

Vulnerability

Patched

A vulnerability allowing authentication bypass through spoofing has been identified in multiple QNAP operating system versions. This issue enables remote attackers to access resources that would typically require proper authentication. The vulnerability has been addressed in QTS 5.2.7.3297 build 20251024 and later, as well as in QuTS hero h5.2.7.3297 build 20251024 and QuTS hero h5.3.1.3292 build 20251024.

Impact

Exploitation of this vulnerability allows unauthorized access to resources, bypassing normal authentication requirements.

Remediation

Users can upgrade to QTS 5.2.7.3297 build 20251024 or later, or to QuTS hero h5.2.7.3297 build 20251024 or h5.3.1.3292 build 20251024.

Added: Dec 16, 2025, 3:31 AM

Updated: Dec 16, 2025, 3:31 AM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

5.0

exploitability

7.0

remediation

7.7

relevance

1.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

5.0

exploitability

7.0

remediation

7.7

relevance

1.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

QNAP Authentication Bypass Vulnerability Allowing Unauthorized Access to Resources

Vulnerability

Impact

Remediation

Affected Products

QNAP QTS

QNAP QuTS hero

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating