CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-22901

A command injection vulnerability has been reported to affect QuNetSwitch. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 65.9%

CVSS Severity

CVSS v3 Score 9.8

References

https://www.qnap.com/en/security-advisory/qsa-26-11

Products affected by CVE-2026-22901

Qnap » Qunetswitch » Version: 2.0.1.13077

cpe:2.3:a:qnap:qunetswitch:2.0.1.13077
Qnap » Qunetswitch » Version: 2.0.1.19381

cpe:2.3:a:qnap:qunetswitch:2.0.1.19381
Qnap » Qunetswitch » Version: 2.0.2.22769

cpe:2.3:a:qnap:qunetswitch:2.0.2.22769
Qnap » Qunetswitch » Version: 2.0.2.24072

cpe:2.3:a:qnap:qunetswitch:2.0.2.24072
Qnap » Qunetswitch » Version: 2.0.2.24685

cpe:2.3:a:qnap:qunetswitch:2.0.2.24685
Qnap » Qunetswitch » Version: 2.0.3.3573

cpe:2.3:a:qnap:qunetswitch:2.0.3.3573
Qnap » Qunetswitch » Version: 2.0.4.0415

cpe:2.3:a:qnap:qunetswitch:2.0.4.0415
Qnap » Qunetswitch » Version: 2.0.5.0906

cpe:2.3:a:qnap:qunetswitch:2.0.5.0906

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-22901

Products

Pricing

Contact Us