CVE-2024-11399
Analyzed Analyzed - Analysis Complete
Files Accessible to External Parties in Synology BeeDrive

Publication date: 2026-05-27

Last updated on: 2026-06-02

Assigner: Synology Inc.

Description
Files or directories accessible to external parties vulnerability in redis-server component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to conduct denial-of-service attacks via unspecified vectors.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-06-02
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2024-11399
EUVD
EUVD-2024-55592
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
synology beedrive to 1.3.2-13814 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-552 The product makes files or directories accessible to unauthorized actors, even though they should not be.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

There are no specific detection methods or commands provided in the available information for identifying this vulnerability on your network or system.

The advisory recommends upgrading BeeDrive for desktop to version 1.3.2-13814 or later to resolve the vulnerability.

Mitigation Strategies

The vulnerability CVE-2024-11399 in Synology BeeDrive for desktop can be mitigated by upgrading the software to version 1.3.2-13814 or later.

No additional mitigation steps are required beyond applying this update.

Executive Summary

This vulnerability exists in the redis-server component of Synology BeeDrive for desktop versions before 1.3.2-13814. It allows local users to access files or directories that should not be accessible to external parties. Through unspecified methods, these local users can perform denial-of-service (DoS) attacks.

Impact Analysis

The vulnerability can lead to denial-of-service attacks by local users, which may disrupt the availability of the affected system or service. Although it does not impact confidentiality, it can impair system integrity and availability.

Compliance Impact

The provided information does not specify how the CVE-2024-11399 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-11399. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart