CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-22897

A command injection vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.4.0415 and later

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.5%

CVSS Severity

CVSS v3 Score 9.8

References

https://www.qnap.com/en/security-advisory/qsa-26-11

Products affected by CVE-2026-22897

Qnap » Qunetswitch » Version: 2.0.1.13077

cpe:2.3:a:qnap:qunetswitch:2.0.1.13077
Qnap » Qunetswitch » Version: 2.0.1.19381

cpe:2.3:a:qnap:qunetswitch:2.0.1.19381
Qnap » Qunetswitch » Version: 2.0.2.22769

cpe:2.3:a:qnap:qunetswitch:2.0.2.22769
Qnap » Qunetswitch » Version: 2.0.2.24072

cpe:2.3:a:qnap:qunetswitch:2.0.2.24072
Qnap » Qunetswitch » Version: 2.0.2.24685

cpe:2.3:a:qnap:qunetswitch:2.0.2.24685
Qnap » Qunetswitch » Version: 2.0.3.3573

cpe:2.3:a:qnap:qunetswitch:2.0.3.3573

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-22897

Products

Pricing

Contact Us