CVE-2026-41539

{"id": "CVE-2026-41539", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "security@qnapsecurity.com.tw", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-06-09T06:16:53.413", "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-26-31", "tags": ["Broken Link"], "source": "security@qnapsecurity.com.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@qnapsecurity.com.tw", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.9.3492 build 20260507 and later\nQuTS hero h5.2.9.3499 build 20260514 and later\nQuTS hero h5.3.4.3500 build 20260520 and later\nQuTS hero h6.0.0.3500 build 20260520 and later"}], "lastModified": "2026-06-12T15:37:43.163", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4026A4B-7AB4-48EA-971D-88DFDD3F01A7"}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F3F99BB-0D68-4D74-92C8-59E24F96C50D"}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.0.2782:build_20240601:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DE63B4D-8E84-41D3-B1F3-04AE6040242B"}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.0.2802:build_20240620:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75746563-C648-4E55-9126-703F915F8B8A"}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.0.2823:build_20240711:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF6BA027-A635-4E90-80C8-130B10AB3D23"}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.0.2851:build_20240808:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5406F242-A215-4B07-809F-7A7CE55ACE71"}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.0.2860:build_20240817:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA17778E-B3B1-44DD-B4E9-5AD25A3E804C"}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.1.2930:build_20241025:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3FC6646-2247-4ED9-9643-CD376674E2E7"}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.2.2950:build_20241114:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62170342-067D-442C-88FB-64A4BEA8AFE4"}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.3.3006:build_20250108:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82464467-E1E6-47E1-BDE5-DDFA52994A47"}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.4.3070:build_20250312:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75AE902C-0516-4341-9BF0-21D8803E091C"}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.4.3079:build_20250321:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B005D70-8C91-48D4-B09A-9EBE2E9E5090"}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.4.3092:build_20250403:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82FE5F89-A0E1-4D1B-A363-0A0D4141F502"}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.5.3145:build_20250526:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B21A9EE0-88D5-42D9-BA21-D55518FCC6E4"}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.6.3195:build_20250715:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B575CF2-21F3-4435-B6B4-61D79B34429C"}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.6.3229:build_20250818:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2EBD305-91E3-4BCC-835B-4878DF4DA3B8"}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.7.3256:build_20250913:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "554CB021-1477-4E63-8EBA-74056B4D8DA7"}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.7.3297:build_20251024:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "153F90E1-A54F-4B8D-AEEA-4643421AFF7F"}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.8.3332:build_20251128:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBDC5E20-6EF7-41B4-AEB7-6F2181BD8B50"}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.8.3350:build_20251216:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98ECCF6B-D31F-45D6-A993-F4218B030748"}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.8.3359:build_20251225:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C4670D1-845B-4C06-A9B7-CB7D149E59AA"}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.9.3410:build_20260214:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E9B4AEC-E179-4F05-9E63-E934AAAB4210"}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.9.3451:build_20260327:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE86A258-45D5-469C-A9C8-B5A986AA4358"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDCBB36A-CB91-4BA3-A6ED-952E6A4A0481"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2782:build_20240601:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "240BCFF1-CCCB-4C07-8E2C-7F43F68407FC"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2789:build_20240607:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3AF7276-77E0-474A-B10F-AC15BC5FCF00"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2802:build_20240620:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FA8C3EC-B6C0-44A8-BC91-18E3E90C63AB"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2823:build_20240711:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "889336D2-D9F7-4CC0-A22F-B837B5E77751"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2851:build_20240808:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98F72EB9-0EE3-416A-B9BB-2512F5203A5A"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2860:build_20240817:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9110382F-57C2-4C2E-82D1-3246C882B2C3"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.1.2929:build_20241025:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB92EFD7-47DD-4AAC-97BD-A2D4918FF4ED"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.1.2940:build_20241105:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78E38E23-1AD0-49E1-89FA-73DC2F496137"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.2.2952:build_20241116:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2F302B6-26CC-4044-B480-4EBDBB90797F"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.3.3006:build_20250108:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF0093B6-8D38-4D1E-AD71-79299123C2B1"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.4.3070:build_20250312:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48A3CDAA-B0C6-4280-B1AC-DDD027F9D632"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.4.3079:build_20250321:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1807DE4F-CDF3-4E3B-ADC1-9535EF1D60FE"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.5.3138:build_20250519:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68FF7342-A0AF-4E75-9CD6-D584B450B8AB"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.6.3195:build_20250715:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8E84E3D-943C-4DF5-86D3-DCAC3C034B81"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.7.3256:build_20250913:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17720E05-1BBF-4605-A777-FA4059B3C2DC"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.7.3297:build_20251024:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39CB5F1C-9811-499D-9D32-34B40E0D475E"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.8.3321:build_20251117:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "207E47AF-AADA-4A44-B0D6-3F8CE0285D46"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.8.3350:build_20251216:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC6DAFB2-9BB7-4412-B1D4-3EFFD92E5493"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.8.3359:build_20251225:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91FEA769-B445-4BD6-ABD0-652D05C10E05"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.9.3410:build_20260214:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02D7654E-06DB-40B8-86D8-E81F4415CC95"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.9.3492:build_20260507:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E7F05AA-493E-4166-8C8A-C295B8F223CA"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.3.0.3115:build_20250430:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4175C7F7-E946-41C6-8863-E23233B91A2B"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.3.0.3145:build_20250530:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE16C73E-9291-44FD-A9CB-B7C127E67A6F"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.3.0.3192:build_20250716:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED4023E4-6C28-413A-B7B1-6CEEBC48A1C0"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.3.1.3250:build_20250912:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A94FE59-675E-4FF1-B971-F5A0A7B98EA7"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.3.1.3292:build_20251024:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92CE2B8B-4A23-41AA-94C6-D0DBFE06FDC1"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.3.2.3354:build_20251225:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "823CEFF6-8365-476D-9D90-8F51BA749424"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.3.3.3424:build_20260305:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B780AFB-CCC5-4AD8-A3C2-2F0AC18F4B09"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h6.0.0.3324:build_20251125:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACAAA533-F83E-400F-8D83-84C086845944"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h6.0.0.3382:build_20260122:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BC82832-F0A7-4096-9A5A-80D2374B6028"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h6.0.0.3397:build_20260206:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D71766D-12E7-44AC-80EB-3D778FEED6F4"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h6.0.0.3459:build_20260409:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB658425-783E-49FD-A8F9-3FAD3BDB2689"}], "operator": "OR"}]}], "sourceIdentifier": "security@qnapsecurity.com.tw"}