Primary

Context

QNAP HBS 3 Hybrid Backup Sync Sensitive Information Disclosure Vulnerability

Vulnerability

Patched

A vulnerability has been identified in QNAP HBS 3 Hybrid Backup Sync versions 26.1.x and earlier, allowing for the generation of error messages that inadvertently disclose sensitive information. This vulnerability can be exploited by an attacker with local network access to read application data.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive application data.

Remediation

Users are advised to update HBS 3 Hybrid Backup Sync to version 26.2.0.938 or later. Instructions for updating the application are available on the QNAP website.

Added: Jan 2, 2026, 4:24 PM

Updated: Jan 2, 2026, 4:51 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

2.5

exploitability

4.9

remediation

7.7

relevance

1.8

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

2.5

exploitability

4.9

remediation

7.7

relevance

1.8

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

QNAP HBS 3 Hybrid Backup Sync Sensitive Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

QNAP HBS 3 Hybrid Backup Sync

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating