CVE-2026-26240

Critical · CVSS 9.1

QNAP File Station 5 — Stack-based buffer overflow (CWE-121) leading to memory corruption or process crash via remote exploitation

CVSS: 9.1; nvd
EPSS: 0.14%; 33th pct
KEV: No
Class: other; CWE-121

Description

A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later

Search profile — drives PoC discovery

Symbols File Station 5FileStationQSA-26-32CVE-2026-26240buffer overflowstack overflow

Keywords CVE-2026-26240QNAP File Station 5 buffer overflowQSA-26-32QNAP FileStation stack overflowFile Station 5 5.5.6.5243QNAP CWE-121 PoCQNAP File Station RCE

Versions: File Station 5 versions prior to 5.5.6.5243

References

https://www.qnap.com/en/security-advisory/qsa-26-32

Status: enriched · ingested 2026-06-12T18:00:30.000Z · profiled 2026-06-16T18:19:23.017Z