{
  "document" : {
    "aggregate_severity" : {
      "text" : "mittel"
    },
    "category" : "csaf_base",
    "csaf_version" : "2.0",
    "distribution" : {
      "tlp" : {
        "label" : "WHITE",
        "url" : "https://www.first.org/tlp/"
      }
    },
    "lang" : "de-DE",
    "notes" : [ {
      "category" : "legal_disclaimer",
      "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen."
    }, {
      "category" : "description",
      "text" : "QNAP ist ein Hersteller von NAS (Network Attached Storage) Lösungen.",
      "title" : "Produktbeschreibung"
    }, {
      "category" : "summary",
      "text" : "Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in QNAP NAS ausnutzen, um sich erhöhte Berechtigungen zu verschaffen, um Sicherheitsmechanismen zu umgehen, um einen Denial of Service Zustand herbeizuführen, um beliebige Befehle auszuführen, um Informationen offenzulegen oder nicht näher spezifizierte Auswirkungen zu erzielen.",
      "title" : "Angriff"
    }, {
      "category" : "general",
      "text" : "- Hardware Appliance",
      "title" : "Betroffene Betriebssysteme"
    } ],
    "publisher" : {
      "category" : "other",
      "contact_details" : "csaf-provider@cert-bund.de",
      "name" : "Bundesamt für Sicherheit in der Informationstechnik",
      "namespace" : "https://www.bsi.bund.de"
    },
    "references" : [ {
      "category" : "self",
      "summary" : "WID-SEC-W-2026-1966 - CSAF Version",
      "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1966.json"
    }, {
      "category" : "self",
      "summary" : "WID-SEC-2026-1966 - Portal Version",
      "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1966"
    }, {
      "category" : "external",
      "summary" : "QNAP Security Advisory vom 2026-06-17",
      "url" : "https://www.qnap.com/en/security-advisory/QSA-26-10"
    } ],
    "source_lang" : "en-US",
    "title" : "QNAP NAS: Mehrere Schwachstellen",
    "tracking" : {
      "current_release_date" : "2026-06-16T22:00:00.000+00:00",
      "generator" : {
        "date" : "2026-06-17T09:24:54.164+00:00",
        "engine" : {
          "name" : "BSI-WID",
          "version" : "1.6.0"
        }
      },
      "id" : "WID-SEC-W-2026-1966",
      "initial_release_date" : "2026-06-16T22:00:00.000+00:00",
      "revision_history" : [ {
        "date" : "2026-06-16T22:00:00.000+00:00",
        "number" : "1",
        "summary" : "Initiale Fassung"
      } ],
      "status" : "final",
      "version" : "1"
    }
  },
  "product_tree" : {
    "branches" : [ {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_version_range",
          "name" : "QVP <2.8.0",
          "product" : {
            "name" : "QNAP NAS QVP <2.8.0",
            "product_id" : "T055513"
          }
        }, {
          "category" : "product_version",
          "name" : "QVP 2.8.0",
          "product" : {
            "name" : "QNAP NAS QVP 2.8.0",
            "product_id" : "T055513-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/h:qnap:nas:2.8.0::qvp"
            }
          }
        }, {
          "category" : "product_version_range",
          "name" : "QuTS cloud <C5.2.9",
          "product" : {
            "name" : "QNAP NAS QuTS cloud <C5.2.9",
            "product_id" : "T055514"
          }
        }, {
          "category" : "product_version",
          "name" : "QuTS cloud C5.2.9",
          "product" : {
            "name" : "QNAP NAS QuTS cloud C5.2.9",
            "product_id" : "T055514-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/h:qnap:nas:c5.2.9::quts_cloud"
            }
          }
        }, {
          "category" : "product_version_range",
          "name" : "QTS <5.2.10",
          "product" : {
            "name" : "QNAP NAS QTS <5.2.10",
            "product_id" : "T055515"
          }
        }, {
          "category" : "product_version",
          "name" : "QTS 5.2.10",
          "product" : {
            "name" : "QNAP NAS QTS 5.2.10",
            "product_id" : "T055515-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/h:qnap:nas:5.2.10::qts"
            }
          }
        }, {
          "category" : "product_version_range",
          "name" : "QuTS hero <h5.2.9",
          "product" : {
            "name" : "QNAP NAS QuTS hero <h5.2.9",
            "product_id" : "T055517"
          }
        }, {
          "category" : "product_version",
          "name" : "QuTS hero h5.2.9",
          "product" : {
            "name" : "QNAP NAS QuTS hero h5.2.9",
            "product_id" : "T055517-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/h:qnap:nas:h5.2.9::quts_hero"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "NAS"
      } ],
      "category" : "vendor",
      "name" : "QNAP"
    } ]
  },
  "vulnerabilities" : [ {
    "cve" : "CVE-2025-59382",
    "product_status" : {
      "known_affected" : [ "T055517", "T055515", "T055514", "T055513" ]
    },
    "release_date" : "2026-06-16T22:00:00.000+00:00",
    "title" : "CVE-2025-59382"
  }, {
    "cve" : "CVE-2025-62858",
    "product_status" : {
      "known_affected" : [ "T055517", "T055515", "T055514", "T055513" ]
    },
    "release_date" : "2026-06-16T22:00:00.000+00:00",
    "title" : "CVE-2025-62858"
  }, {
    "cve" : "CVE-2025-66273",
    "product_status" : {
      "known_affected" : [ "T055517", "T055515", "T055514", "T055513" ]
    },
    "release_date" : "2026-06-16T22:00:00.000+00:00",
    "title" : "CVE-2025-66273"
  }, {
    "cve" : "CVE-2025-66279",
    "product_status" : {
      "known_affected" : [ "T055517", "T055515", "T055514", "T055513" ]
    },
    "release_date" : "2026-06-16T22:00:00.000+00:00",
    "title" : "CVE-2025-66279"
  }, {
    "cve" : "CVE-2025-66280",
    "product_status" : {
      "known_affected" : [ "T055517", "T055515", "T055514", "T055513" ]
    },
    "release_date" : "2026-06-16T22:00:00.000+00:00",
    "title" : "CVE-2025-66280"
  }, {
    "cve" : "CVE-2025-66281",
    "product_status" : {
      "known_affected" : [ "T055517", "T055515", "T055514", "T055513" ]
    },
    "release_date" : "2026-06-16T22:00:00.000+00:00",
    "title" : "CVE-2025-66281"
  }, {
    "cve" : "CVE-2025-68405",
    "product_status" : {
      "known_affected" : [ "T055517", "T055515", "T055514", "T055513" ]
    },
    "release_date" : "2026-06-16T22:00:00.000+00:00",
    "title" : "CVE-2025-68405"
  }, {
    "cve" : "CVE-2026-22893",
    "product_status" : {
      "known_affected" : [ "T055517", "T055515", "T055514", "T055513" ]
    },
    "release_date" : "2026-06-16T22:00:00.000+00:00",
    "title" : "CVE-2026-22893"
  }, {
    "cve" : "CVE-2026-22899",
    "product_status" : {
      "known_affected" : [ "T055517", "T055515", "T055514", "T055513" ]
    },
    "release_date" : "2026-06-16T22:00:00.000+00:00",
    "title" : "CVE-2026-22899"
  }, {
    "cve" : "CVE-2026-24720",
    "product_status" : {
      "known_affected" : [ "T055517", "T055515", "T055514", "T055513" ]
    },
    "release_date" : "2026-06-16T22:00:00.000+00:00",
    "title" : "CVE-2026-24720"
  }, {
    "cve" : "CVE-2026-24724",
    "product_status" : {
      "known_affected" : [ "T055517", "T055515", "T055514", "T055513" ]
    },
    "release_date" : "2026-06-16T22:00:00.000+00:00",
    "title" : "CVE-2026-24724"
  }, {
    "cve" : "CVE-2026-26239",
    "product_status" : {
      "known_affected" : [ "T055517", "T055515", "T055514", "T055513" ]
    },
    "release_date" : "2026-06-16T22:00:00.000+00:00",
    "title" : "CVE-2026-26239"
  }, {
    "cve" : "CVE-2026-26240",
    "product_status" : {
      "known_affected" : [ "T055517", "T055515", "T055514", "T055513" ]
    },
    "release_date" : "2026-06-16T22:00:00.000+00:00",
    "title" : "CVE-2026-26240"
  }, {
    "cve" : "CVE-2026-26241",
    "product_status" : {
      "known_affected" : [ "T055517", "T055515", "T055514", "T055513" ]
    },
    "release_date" : "2026-06-16T22:00:00.000+00:00",
    "title" : "CVE-2026-26241"
  } ]
}