CVE-2026-22902

CWE-78OS Command Injection3 documents3 sources
Severity
5.7MEDIUM
EPSS
0.0%
top 92.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems Inc. QunetswitchQnap Qunetswitch
Timeline
PublishedMar 20

Description

A command injection vulnerability has been reported to affect QuNetSwitch. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5qnap_systems_inc./qunetswitch2.0.x2.0.5.0906
NVDqnap/qunetswitch2.0.5.0906

🔴Vulnerability Details

2
GHSA
GHSA-8386-fp86-ccp9: A command injection vulnerability has been reported to affect QuNetSwitch2026-03-20
CVEList
QuNetSwitch2026-03-20
CVE-2026-22902 (MEDIUM CVSS 5.7) | A command injection vulnerability h | cvebase.io