Vulnerability Details CVE-2026-22895
A cross-site scripting (XSS) vulnerability has been reported to affect QuFTP Service. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data.
We have already fixed the vulnerability in the following versions:
QuFTP Service 1.4.3 and later
QuFTP Service 1.5.2 and later
QuFTP Service 1.6.2 and later
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.8%
CVSS Severity
CVSS v3 Score 4.8
Products affected by CVE-2026-22895
-
cpe:2.3:a:qnap:quftp:1.1.1
-
cpe:2.3:a:qnap:quftp:1.1.2
-
cpe:2.3:a:qnap:quftp:1.1.3
-
cpe:2.3:a:qnap:quftp:1.1.4
-
cpe:2.3:a:qnap:quftp:1.1.5
-
cpe:2.3:a:qnap:quftp:1.2.0
-
cpe:2.3:a:qnap:quftp:1.2.1
-
cpe:2.3:a:qnap:quftp:1.3.0
-
cpe:2.3:a:qnap:quftp:1.3.1
-
cpe:2.3:a:qnap:quftp:1.3.2
-
cpe:2.3:a:qnap:quftp:1.3.3
-
cpe:2.3:a:qnap:quftp:1.3.4
-
cpe:2.3:a:qnap:quftp:1.4.1
-
cpe:2.3:a:qnap:quftp:1.4.2
-
cpe:2.3:a:qnap:quftp:1.5.0
-
cpe:2.3:a:qnap:quftp:1.5.1
-
cpe:2.3:a:qnap:quftp:1.6.0