CVE-2026-26236

EUVD-2026-35347
A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions.

We have already fixed the vulnerability in the following version:
QuMagie 2.9.0 and later
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
qnapCNA
8.7 HIGH
NETWORK
LOW
NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
qnapqumagie
𝑥
≤ 2.9.0
CNA
Common Weakness Enumeration
References
https://www.qnap.com/en/security-advisory/qsa-26-36