GHSA-8fh7-4j6j-cx8g · Severity: high — A command injection vulnerability has been reported to affect several QNAP operating system...
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3492 build 20260507 and later QuTS hero h5.2.9.3499 build 20260514 and later
Conclusion & alert: CVE-2026-24719 is rated Moderate Risk (44.5/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 0.97%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-16 | 0.82% | 0.97% | +0.14% |
| 2 | 2026-06-15 | 0.52% | 0.82% | +0.30% |
| 3 | 2026-06-10 | — | 0.52% | — |
Full EPSS history (3 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 6.1 | 4.0 | MEDIUM |
|
— | — | [email protected] |
| 7.2 | 3.1 | HIGH |
|
1.2 | 5.9 | [email protected] |
GHSA-8fh7-4j6j-cx8g · Severity: high — A command injection vulnerability has been reported to affect several QNAP operating system...