CVE-2026-24717
Affects 0 products across 1 vendor.
Attacker manipulates file path inputs to access files outside the intended directory.
CVE-2026-24717 is a path traversal vulnerability affecting multiple QNAP NAS operating system versions (QTS and QuTS hero). A remote attacker who has obtained or compromised an administrator account can exploit this flaw to read arbitrary files and sensitive system data outside intended directories. In OT environments where QNAP NAS devices are used for historian data storage, backup, or file sharing, successful exploitation could expose process data, credentials, configuration files, or operational records, amplifying the impact of an initial account compromise.
| CVE ID | CVE-2026-24717 |
|---|---|
| Published | 2026-06-10 |
| Last Modified | 2026-06-10 |
| ICS Relevance | 70% |
| Weakness (CWE) | |
| Source | NVD |
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions:

- QTS 5.2.9.3492 build 20260507 and later
- QuTS hero h5.2.9.3499 build 20260514 and later
- QuTS hero h5.3.4.3500 build 20260520 and later
- QuTS hero h6.0.0.3459 build 20260409 and later
Source: NIST NVD / MITRE CVE Database
| Vendor | Product | Fixed Version |
|---|---|---|
| Qnap | — | — |
Fixed Version: QTS 5.2.9.3492 build 20260507; QuTS hero h5.2.9.3499 build 20260514; QuTS hero h5.3.4.3500 build 20260520; QuTS hero h6.0.0.3459 build 20260409
Patches add proper sanitization and canonicalization of file path inputs to prevent directory traversal, ensuring all file access operations are confined to intended base directories across affected QTS and QuTS hero operating system versions.
| CISA KEV | Not in KEV catalog |
|---|---|
| Public Exploit | Not confirmed |
| PoC Code | Not confirmed |
Deploy rules on perimeter firewall and network IDS/IPS sensors monitoring traffic destined for QNAP NAS management interfaces (TCP 443, 8080, 8443). Block or alert on HTTP requests containing path traversal sequences (../, %2e%2e/, %252e%252e/) in URI. Additionally, apply WAF policies on any reverse proxy in front of QNAP devices. Restrict access to QNAP web interfaces to approved management workstation IP addresses only via firewall ACL.
No reliable network detection signature exists for this vulnerability class — apply the compensating controls above and the vendor patch. SAGE only publishes a network rule when a concrete on-the-wire signature can be grounded in the advisory.
Virtual patch generated by CITED Relevance SAGE. Validate in isolated environment before production deployment. Compensating control only - does not replace vendor patch.
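As an added illustration (not code from the advisory, from QNAP, or from BreachSpider/SAGE) of the two controls described above: the alert condition for traversal sequences in a request URI, covering the plain, single-encoded and double-encoded forms the rule lists, run over constructed request lines; and the canonicalize-and-confine check that the patch note describes on the server side. The endpoint paths, the base directory `/srv/nas_share` and the sample requests are invented placeholders.

```python
import os
import re
from typing import List, Optional
from urllib.parse import unquote

# A '..' segment bounded by a separator, '=', start or end; '\' is folded to '/' first.
_TRAVERSAL = re.compile(r"(?<![A-Za-z0-9.])\.\.(?=/|$)")


def decode_uri(uri: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable, so %2e%2e/ and double-encoded %252e%252e/ both become '../'."""
    current = uri
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current


def has_traversal(uri: str) -> bool:
    """Alert condition for an IDS/WAF rule: a traversal segment in the path or query string."""
    normalized = decode_uri(uri).replace("\\", "/")
    return _TRAVERSAL.search(normalized) is not None


def resolve_within(base_dir: str, requested: str) -> Optional[str]:
    """Server-side confinement check of the kind the patch note describes:
    canonicalize the joined path and refuse (None) anything that escapes base_dir."""
    base = os.path.realpath(base_dir)
    relative = decode_uri(requested).lstrip("/\\")  # an absolute input must not replace base
    candidate = os.path.realpath(os.path.join(base, relative))
    return candidate if os.path.commonpath([base, candidate]) == base else None


# Constructed request lines for the demo; endpoint paths are placeholders, not QNAP URLs.
SAMPLE_REQUESTS = [
    "GET /share/docs/report.pdf HTTP/1.1",
    "GET /cgi-bin/download?path=../../etc/passwd HTTP/1.1",
    "GET /cgi-bin/download?path=%2e%2e%2f%2e%2e%2fetc%2fshadow HTTP/1.1",
    "GET /cgi-bin/download?path=%252e%252e%252fconfig HTTP/1.1",
    "GET /share/docs/notes..txt HTTP/1.1",  # '..' inside a file name is not traversal
]


def flagged_requests(lines: List[str] = SAMPLE_REQUESTS) -> List[str]:
    """Request lines the alert condition fires on; the request-target is the second token."""
    return [line for line in lines if has_traversal(line.split(" ")[1])]


if __name__ == "__main__":
    for line in flagged_requests():
        print("ALERT", line)
    print(resolve_within("/srv/nas_share", "%2e%2e/%2e%2e/etc/passwd"))  # None: refused
```

The alert heuristic is the compensating control from the rule text and will miss encodings it does not decode; the confinement check is the shape of the actual fix and does not depend on recognising any particular encoding.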