A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local users on Windows to obtain sensitive information.
References
| Link | Resource |
|---|---|
| https://www.synology.com/en-global/security/advisory/Synology_SA_26_01 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
02 Jun 2026, 10:16
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local users on Windows to obtain sensitive information. |
01 Jun 2026, 19:55
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:synology:storage_manager:*:*:*:*:*:*:*:* cpe:2.3:o:synology:diskstation_manager:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:synology:diskstation_manager:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:synology:diskstation_manager:7.3:*:*:*:*:*:*:* |
|
| References | () https://www.synology.com/en-global/security/advisory/Synology_SA_26_01 - Vendor Advisory | |
| First Time |
Synology
Synology diskstation Manager Synology storage Manager |
27 May 2026, 09:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-05-27 09:16
Updated : 2026-06-02 10:16
NVD link : CVE-2026-2237
Mitre link : CVE-2026-2237
CVE.ORG link : CVE-2026-2237
JSON object : View
Products Affected
synology
- storage_manager
- diskstation_manager
CWE
CWE-598
Use of GET Request Method With Sensitive Query Strings