What is CVE-2026-2237?

CVE-2026-2237 is a medium-severity vulnerability in Synology Diskstation_manager, classified under CWE-598. CVSS score: 6.2/10. Published 2026-05-27.

How severe is CVE-2026-2237?

Medium severity. CVSS v3 base score is 6.2 out of 10.

Vulnerability in Synology Diskstation_manager

CVE-2026-2237

A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local users on Windows to obtain sensitive information.

EPSS: 0.000 (0.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.2 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Synology Diskstation_manager — versions 7.2.1, 7.2.2, 7.3
Synology Storage Manager
Synology Storage_manager

Weakness classification (CWE)

CWE-598

References

security@synology.com (vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2026-2237?: CVE-2026-2237 is a medium-severity vulnerability in Synology Diskstation_manager, classified under CWE-598. CVSS score: 6.2/10. Published 2026-05-27.
How severe is CVE-2026-2237?: Medium severity. CVSS v3 base score is 6.2 out of 10.