This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.
Required Action
Apply updates per vendor instructions.
This CVE is referenced in a KISA security bulletin (Korean only).
| Source | CVSS Version | Base Score | Severity | Vector String | Assessment Date |
|---|---|---|---|---|---|
| NVDNIST | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 04/20/2026 |
| NVDNIST | 2.0 | 7.5 |
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.
| AV:N/AC:L/Au:N/C:P/I:P/A:P |
| 04/20/2026 |