Synology, QNAP
This page is grounded in the current research notes and official-source dataset, then organized into a cleaner public landing page.
| Vendor | Update | Fixed version(s) | Published | Source |
|---|---|---|---|---|
| QNAP QTS / QuTS hero | QSA-25-50 Multiple Vulnerabilities in QTS and QuTS hero QNAP published a broad QTS and QuTS hero advisory covering null-pointer dereference, buffer overflow, out-of-bounds read, format string, and resource exhaustion issues across current NAS operating system branches. | QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later | 2026-01-03 | Official source ↗ |
| Synology DSM / Storage Manager | Synology-SA-26:01 Storage Manager Synology released a Storage Manager package security update for DSM 7.3 and DSM 7.2.x after disclosing a local information exposure issue. | 1.0.1-1100 or above | 2026-02-09 | Official source ↗ |
| QNAP QTS / QuTS hero | QSA-25-45 Multiple Vulnerabilities in QTS and QuTS hero (PWN2OWN 2025) QNAP disclosed PWN2OWN-linked QTS and QuTS hero vulnerabilities including command injection, SQL injection, null-pointer dereference, and authentication bypass, with fixed builds for both 5.2 and 5.3-era NAS software tracks. | QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later | 2025-11-08 | Official source ↗ |
| QNAP QTS / QuTS hero | QSA-25-21 Multiple Vulnerabilities in QTS and QuTS hero QNAP published a large QTS/QuTS hero advisory covering DoS, command injection, path traversal, buffer overflow, and out-of-bounds write issues. | QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later | 2025-08-29 | Official source ↗ |
| Synology DSM / SMB Service | Synology-SA-25:07 SMB Service Synology disclosed an SMB Service issue where remote authenticated users could write to limited files; DSM packages received fixed builds and SRM/BeeStation remained ongoing at publication time. | 4.15.13-2502 or above 4.15.9-0644 or above | 2025-05-29 | Official source ↗ |
| QNAP QTS / QuTS hero | QSA-25-03 Vulnerability in Legacy QTS and QuTS hero QNAP warned that legacy QTS and QuTS hero builds exposed sensitive information and recommended upgrading to 5.2-era fixed releases. | QTS 5.2.0.2851 build 20240808 and later QuTS hero h5.2.0.2851 build 20240808 and later | 2025-03-08 | Official source ↗ |
| QNAP QTS / QuTS hero | QSA-24-52 Vulnerability in QTS and QuTS hero QNAP disclosed an out-of-bounds write vulnerability affecting QTS 5.1.x and QuTS hero h5.1.x, fixed in 20241120 builds and later. | QTS 5.1.9.2954 build 20241120 and later QuTS hero h5.1.9.2954 build 20241120 and later | 2025-03-08 | Official source ↗ |