CVE-2026-26239
A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. ...
Affects 0 products across 1 vendor.
Buffer overflow corrupting the program stack, typically overwriting the return address for code execution.
QNAP File Station 5, a file management application commonly deployed on NAS devices used in operational environments for data archiving and file sharing, contains a buffer overflow vulnerability. An authenticated remote attacker who has obtained a valid user account can exploit this flaw to corrupt memory or crash processes, potentially enabling arbitrary code execution or denial of service. In OT/ICS environments where QNAP NAS devices are used for historian data storage, backup, or file transfer, exploitation could disrupt data availability or pivot to connected operational systems.
Is this CVE in your environment?
BreachSpider monitors your ICS/OT environment for vulnerabilities like this one. No agents or network access required. Free to start.
Check My Environment →What is CVE-2026-26239?
Is CVE-2026-26239 actively exploited?
How do I remediate CVE-2026-26239?
What systems are affected by CVE-2026-26239?
| CVE ID | CVE-2026-26239 |
|---|---|
| Published | 2026-06-10 |
| Last Modified | 2026-06-10 |
| ICS Relevance | 70% |
| Weakness (CWE) | |
| Source | NVD |
A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5208 and later
Source: NIST NVD / MITRE CVE Database
| Vendor | Product | Fixed Version |
|---|---|---|
| Qnap | — | — |
Fixed Version: File Station 5 5.5.6.5208
Resolves a buffer overflow vulnerability in File Station 5 by implementing proper input validation and bounds checking on memory operations accessible to authenticated remote users, preventing memory corruption and process crashes.
View Vendor Advisory →| CISA KEV | Not in KEV catalog |
|---|---|
| Public Exploit | Not confirmed |
| PoC Code | Not confirmed |
Deploy rules on perimeter firewall and IDS/IPS sensors in front of QNAP NAS devices. Block all inbound connections to QNAP management interfaces (ports 8080, 443, 8081) from untrusted or external networks. Alert on oversized HTTP POST requests to File Station URIs as a heuristic indicator of overflow attempts. Apply rules at network ingress and at any east-west segmentation boundary between IT and OT VLANs.
No reliable network detection signature exists for this vulnerability class — apply the compensating controls above and the vendor patch. SAGE only publishes a network rule when a concrete on-the-wire signature can be grounded in the advisory.
Virtual patch generated by CITED Relevance SAGE. Validate in isolated environment before production deployment. Compensating control only - does not replace vendor patch.
ICS/OT Vulnerability Intelligence for Your Environment
BreachSpider monitors 353,228 CVEs across ICS/OT vendors. SAGE-enriched alerts with virtual patches, NERC-CIP mapping, and PSIRT contacts delivered to your SIEM in minutes.
Join free →