CVE-2026-22900
Received
Received - Intake
Hard-Coded Credentials in QuNetSwitch Allow Unauthorized Access
Vulnerability report for CVE-2026-22900, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-03-20
Last updated on: 2026-03-25
Assigner: QNAP Systems, Inc.
Description
Description
A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to gain unauthorized access.
We have already fixed the vulnerability in the following version:
QuNetSwitch 2.0.5.0906 and later
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qnap | qunetswitch | From 2.0.1.13077 (inc) to 2.0.5.0906 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |