CVE-2026-24724

Analyzed Analyzed - Analysis Complete

Incorrect Authorization Bypass in QNAP File Station

Publication date: 2026-06-10

Last updated on: 2026-06-12

Assigner: QNAP Systems, Inc.

Description

An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restrictions. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-10

Last Modified

2026-06-12

Generated

2026-06-30

AI Q&A

2026-06-10

EPSS Evaluated

2026-06-29

NVD

CVE-2026-24724

EUVD

EUVD-2026-35980

Affected Vendors & Products

Vendor	Product	Version / Range
qnap	file_station	From 5.5.6.4691 (inc) to 5.5.6.5243 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-863	The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Attack-Flow Graph

Executive Summary

This vulnerability is an incorrect authorization issue affecting File Station 6. It allows a remote attacker who has obtained a user account to bypass the intended access restrictions within the system.

Impact Analysis

If exploited, this vulnerability can allow an attacker with a user account to access resources or data that they should not be authorized to access, potentially leading to unauthorized data exposure or manipulation.

Mitigation Strategies

To mitigate this vulnerability, you should update File Station to version 5.5.6.5243 or later, where the issue has been fixed.

Additionally, ensure that user accounts are secured to prevent unauthorized remote access, as exploitation requires a remote attacker to have a user account.

Hi! I’m here to help you understand CVE-2026-24724. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70