CVE-2026-26241

Critical · CVSS 9.1

QNAP File Station 5 — Stack-based buffer overflow (CWE-121) remote memory corruption / process crash

CVSS: 9.1; nvd
EPSS: 0.14%; 33th pct
KEV: No
Class: other; CWE-121

Description

A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later

Search profile — drives PoC discovery

Symbols File Station 5QSA-26-275.5.6.5243

Keywords CVE-2026-26241QNAPFile Station 5buffer overflowQSA-26-27CWE-121stack buffer overflowremote exploitmemory corruption

Versions: File Station 5 < 5.5.6.5243

References

https://www.qnap.com/en/security-advisory/qsa-26-27

Status: enriched · ingested 2026-06-12T18:00:30.000Z · profiled 2026-06-16T18:20:23.035Z