This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.
Required Action
Apply updates per vendor instructions.
This CVE is referenced in a KISA security bulletin (Korean only).
| Source | CVSS Version | Base Score | Severity | Vector String | Assessment Date |
|---|---|---|---|---|---|
| NVDNIST | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 04/20/2026 |
| NVDNIST | 2.0 | 7.5 |
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.
| AV:N/AC:L/Au:N/C:P/I:P/A:P |
| 04/20/2026 |