CVE-2026-24716
Published 2026-06-10
Priority P3 · 45 · high · 7.2 (CVSS 3.1)
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.33% (25.0th percentile)
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.9.3492 build 20260507 and later
QuTS hero h5.2.9.3499 build 20260514 and later
QuTS hero h5.3.4.3500 build 20260520 and later
QuTS hero h6.0.0.3459 build 20260409 and later
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qnap | qts | >= 5.2.0.2737 < 5.2.9.3492 | 5.2.9.3492 |
| qnap | quts_hero | >= h5.0.0 < h5.2.9.3499 | h5.2.9.3499 |
| qnap | quts_hero | >= h5.3.0.3115 < h5.3.4.3500 | h5.3.4.3500 |
| qnap | quts_hero | >= h6.0.0.3324 < h6.0.0.3459 | h6.0.0.3459 |
| qnap_systems_inc | qts | >= 5.2.0 < 5.2.9.3492 build 20260507 | 5.2.9.3492 build 20260507 |
| qnap_systems_inc | quts_hero | >= ? < h6.0.0.3459 build 20260409 | h6.0.0.3459 build 20260409 |
| qnap_systems_inc | quts_hero | >= h5.2.0 < h5.2.9.3499 build 20260514 | h5.2.9.3499 build 20260514 |
| qnap_systems_inc | quts_hero | >= h5.3.0 < h5.3.4.3500 build 20260520 | h5.3.4.3500 build 20260520 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 1.2 | LOW | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
VulDB
QNAP QTS/QuTS hero 5.2.9.3492/5.2.9.3499/5.3.4.3500/6.0.0.3459 null pointer dereference (qsa-26-18)
vuldb·2026-06-16·CVSS 7.2
CVE-2026-24716 [HIGH] QNAP QTS/QuTS hero 5.2.9.3492/5.2.9.3499/5.3.4.3500/6.0.0.3459 null pointer dereference (qsa-26-18)
A vulnerability classified as problematic was found in QNAP QTS and QuTS hero 5.2.9.3492/5.2.9.3499/5.3.4.3500/6.0.0.3459. Affected by this vulnerability is an unknown functionality. The manipulation results in null pointer dereference.
This vulnerability is reported as CVE-2026-24716. The attack can be launched remotely. No exploit exists.
Upgrading the affected component is advised.
GHSA
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions.
ghsa_unreviewed·2026-06-10
CVE-2026-24716 [MEDIUM] CWE-476 A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-06-10