CVE-2026-24724
Received Received - Intake
Incorrect Authorization Bypass in QNAP File Station

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: QNAP Systems, Inc.

Description
An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restrictions. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-10
Last Modified
2026-06-10
Generated
2026-06-10
AI Q&A
2026-06-10
EPSS Evaluated
N/A
NVD
CVE-2026-24724
EUVD
EUVD-2026-35980
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
qnap file_station From 5.5.6.5243 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an incorrect authorization issue affecting File Station 6. It allows a remote attacker who has obtained a user account to bypass the intended access restrictions within the system.

Impact Analysis

If exploited, this vulnerability can allow an attacker with a user account to access resources or data that they should not be authorized to access, potentially leading to unauthorized data exposure or manipulation.

Mitigation Strategies

To mitigate this vulnerability, you should update File Station to version 5.5.6.5243 or later, where the issue has been fixed.

Additionally, ensure that user accounts are secured to prevent unauthorized remote access, as exploitation requires a remote attacker to have a user account.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24724. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart