RCE in Qnap Systems Inc. Qunetswitch

CVE-2026-22902

A command injection vulnerability has been reported to affect QuNetSwitch. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.000 (7.1th percentile) — read the EPSS interpretation.