CVE-2026-22899
A NULL pointer dereference vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service...
Affects 0 products across 1 vendor.
Software attempts to use a NULL pointer, causing a crash and denial of service.
CVE-2026-22899 affects QNAP File Station 6, a web-based file management application commonly used on NAS devices. An authenticated remote attacker can exploit a NULL pointer dereference to crash the File Station service, resulting in a denial-of-service condition. In OT environments where QNAP NAS devices are used for data historians, backup, or file transfer between IT/OT segments, this could disrupt operational data availability and logging continuity.
Is this CVE in your environment?
BreachSpider monitors your ICS/OT environment for vulnerabilities like this one. No agents or network access required. Free to start.
Check My Environment →What is CVE-2026-22899?
Is CVE-2026-22899 actively exploited?
How do I remediate CVE-2026-22899?
What systems are affected by CVE-2026-22899?
| CVE ID | CVE-2026-22899 |
|---|---|
| Published | 2026-06-10 |
| Last Modified | 2026-06-10 |
| ICS Relevance | 55% |
| Weakness (CWE) | |
| Source | NVD |
A NULL pointer dereference vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5208 and later
Source: NIST NVD / MITRE CVE Database
| Vendor | Product | Fixed Version |
|---|---|---|
| Qnap | — | — |
Fixed Version: File Station 5 5.5.6.5208
Resolves a NULL pointer dereference in File Station 6 that could be exploited by authenticated remote attackers to cause a denial-of-service condition. The fix is delivered in File Station 5 version 5.5.6.5208 and later; customers running File Station 6 should monitor for a corresponding update.
View Vendor Advisory →| CISA KEV | Not in KEV catalog |
|---|---|
| Public Exploit | Not confirmed |
| PoC Code | Not confirmed |
Deploy rules at perimeter and internal DMZ firewalls blocking access to QNAP NAS HTTP/HTTPS management ports (80, 443, 8080) from all sources except explicitly authorized management workstations. Enforce authenticated session rate-limiting on the NAS device itself if configurable. Monitor for repeated authenticated POST requests to File Station API endpoints as a DoS indicator.
No reliable network detection signature exists for this vulnerability class — apply the compensating controls above and the vendor patch. SAGE only publishes a network rule when a concrete on-the-wire signature can be grounded in the advisory.
Virtual patch generated by CITED Relevance SAGE. Validate in isolated environment before production deployment. Compensating control only - does not replace vendor patch.
ICS/OT Vulnerability Intelligence for Your Environment
BreachSpider monitors 353,228 CVEs across ICS/OT vendors. SAGE-enriched alerts with virtual patches, NERC-CIP mapping, and PSIRT contacts delivered to your SIEM in minutes.
Join free →