CVE-2026-22897

CWE-78 — OS Command Injection3 documents3 sources

Severity

8.1HIGH

EPSS

0.4%

top 39.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems Inc. Qunetswitch Qnap Qunetswitch

Timeline

PublishedMar 20

Description

A command injection vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.4.0415 and later

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDqnap/qunetswitch2.0.1.13077 — 2.0.4.0415

▶CVEListV5qnap_systems_inc./qunetswitch2.0.x — 2.0.4.0415

🔴Vulnerability Details

GHSA

GHSA-rfhr-2q75-2p4x: A command injection vulnerability has been reported to affect QuNetSwitch↗2026-03-20

▶

CVEList

QuNetSwitch↗2026-03-20

▶