RCE in Qnap Systems Inc. Qunetswitch

CVE-2026-22901

A command injection vulnerability has been reported to affect QuNetSwitch. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the fo…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.005 (65.7th percentile) — read the EPSS interpretation.