CRITICALCVE-2026-22898Published 2026-03-20Modified 2026-03-27CNA qnap

CVE-2026-22898: QVR Pro

A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system. We have already fixed the vulnerability in the following version: QVR Pro 2.7.4.14 and later

CVSS v4.0: 9.3
Severity: CRITICAL
Fixed in: 2.7.4.14
Affected Products: 1

Fix available

2.7.4.14

Affected packages

QNAP Systems Inc. / QVR Pro
< 2.7.4.14 (from 2.7.x)

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

qnap.com

Metrics

Fix available