CVE-2026-22898

Published: Mar 20, 2026 Last Modified: Mar 20, 2026

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,3

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system.

We have already fixed the vulnerability in the following version:
QVR Pro 2.7.4.14 and later

306

Missing Authentication for Critical Function

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Other

Potential Impacts:

Gain Privileges Or Assume Identity Varies By Context

Applicable Platforms

Technologies: Cloud Computing, ICS/OT

Likelihood of Exploit: High

View CWE Details

https://www.qnap.com/en/security-advisory/qsa-26-07

CVE-2026-22898

Description

Missing Authentication for Critical Function

Common Consequences

Applicable Platforms

Iscriviti alla newsletter