CVE-2026-22898Missing Authentication for Critical Function in Systems INC QVR PRO

CWE-306Missing Authentication for Critical Function3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
0.4%
top 38.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Qnap Systems INC QVR PRO
Timeline
PublishedMar 20

Description

A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system. We have already fixed the vulnerability in the following version: QVR Pro 2.7.4.14 and later

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5qnap_systems_inc/qvr_pro2.7.x2.7.4.14

🔴Vulnerability Details

2
GHSA
GHSA-2f6v-45w8-wr99: A missing authentication for critical function vulnerability has been reported to affect QVR Pro2026-03-20
CVEList
QVR Pro2026-03-20
CVE-2026-22898 — Qnap Systems INC QVR PRO vulnerability | cvebase