CVE-2026-2237

Published: Mag 27, 2026 Last Modified: Mag 27, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,2

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: none

Availability: none

Description

AI Translation Available

A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local attackers to obtain sensitive information.

598

Use of HTTP Request With Sensitive Query String

Draft

Abstraction: Variant Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality

Potential Impacts:

Read Application Data

Applicable Platforms

Technologies: Web Based, Web Server

View CWE Details

https://www.synology.com/en-global/security/advisory/Synolo…

https://www.synology.com/en-global/security/advisory/Synology_SA_26_01

CVE-2026-2237

Description

Use of HTTP Request With Sensitive Query String

Common Consequences

Applicable Platforms

Iscriviti alla newsletter