CVE-2026-44083

EUVD-2026-35354
An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges.

We have already fixed the vulnerability in the following version:
QuMagie 2.9.1 and later
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
qnapCNA
8.7 HIGH
NETWORK
LOW
NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
qnapqumagie
2.9.0 ≤
𝑥
< 2.9.1
CNA
Common Weakness Enumeration
References
https://www.qnap.com/en/security-advisory/qsa-26-35