CVE-2026-22897 Qnap — Exploit & Vulnerability Details HIGH

CVE-2026-22897

HIGH CVSS 4.0: 8.1 EPSS 0.39%

Parameter	Value
CVSS	8.1 (HIGH)
Affected Versions	2.0.1.13077 — 2.0.4.0415
Fixed In	2.0.4.0415
Type	CWE-78 (OS Command Injection)
Vendor	Qnap
Public PoC	No

A command injection vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.4.0415 and later

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Attack Requirements

None

No additional conditions

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v4.0

Weakness Type (CWE)

CWE-78 OS Command Injection

Vulnerable Products 1

Configuration	From (including)	Up to (excluding)
Qnap Qunetswitch cpe:2.3:a:qnap:qunetswitch::::::::	`2.0.1.13077`	`2.0.4.0415`

References 1

https://www.qnap.com/en/security-advisory/qsa-26-11

security@qnapsecurity.com.tw

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-22902

Qnap

5.7

CVE-2026-22901

Qnap

6.3

CVE-2026-22900

Qnap

6.8

CVE-2026-22895

Qnap

2.2

CVE-2025-59388

Qnap

6.6

Menu

CVE-2026-22897

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

Vulnerable Products 1

References 1

Related Vulnerabilities

CVE-2026-22902

CVE-2026-22901

CVE-2026-22900

CVE-2026-22895

CVE-2025-59388

CVE Details

Editor's Choice

Menu

CVE-2026-22897

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

Vulnerable Products 1

References 1

Related Vulnerabilities

CVE-2026-22902

CVE-2026-22901

CVE-2026-22900

CVE-2026-22895

CVE-2025-59388

CVE Details

Editor's Choice

Stay informed on cybersecurity