CVE-2026-22902

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Mar 20, 2026

Vendor unknown

Description

A command injection vulnerability has been reported to affect QuNetSwitch. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later

References

https://www.qnap.com/en/security-advisory/qsa-26-11