CVE-2026-22900

CWE-798 — Hard-coded Credentials3 documents3 sources

Severity

6.8MEDIUM

EPSS

0.2%

top 61.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems Inc. Qunetswitch Qnap Qunetswitch

Timeline

PublishedMar 20

Description

A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to gain unauthorized access. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDqnap/qunetswitch2.0.1.13077 — 2.0.5.0906

▶CVEListV5qnap_systems_inc./qunetswitch2.0.x — 2.0.5.0906

🔴Vulnerability Details

GHSA

GHSA-x6cr-668f-4m47: A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch↗2026-03-20

▶

CVEList

QuNetSwitch↗2026-03-20

▶