{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22898", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "state": "PUBLISHED", "assignerShortName": "qnap", "dateReserved": "2026-01-13T07:49:08.784Z", "datePublished": "2026-03-20T16:21:30.440Z", "dateUpdated": "2026-03-27T03:55:39.294Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2026-03-20T16:21:30.440Z"}, "title": "QVR Pro", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-306", "description": "CWE-306", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115"}]}], "affected": [{"vendor": "QNAP Systems Inc.", "product": "QVR Pro", "versions": [{"status": "affected", "version": "2.7.x", "lessThan": "2.7.4.14", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system.\n\nWe have already fixed the vulnerability in the following version:\nQVR Pro 2.7.4.14 and later", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system.<br><br>We have already fixed the vulnerability in the following version:<br>QVR Pro 2.7.4.14 and later<br>"}]}], "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-26-07"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "CRITICAL", "baseScore": 9.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "solutions": [{"lang": "en", "value": "We have already fixed the vulnerability in the following version:\nQVR Pro 2.7.4.14 and later", "supportingMedia": [{"type": "text/html", "base64": false, "value": "We have already fixed the vulnerability in the following version:<br>QVR Pro 2.7.4.14 and later<br>"}]}], "credits": [{"lang": "en", "value": "FuzzingLabs", "type": "finder"}], "source": {"advisory": "QSA-26-07", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-22898"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T03:55:39.294Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22898", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-25T14:04:13.627559Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T14:04:16.756Z"}}], "cna": {"title": "QVR Pro", "source": {"advisory": "QSA-26-07", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "FuzzingLabs"}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "QNAP Systems Inc.", "product": "QVR Pro", "versions": [{"status": "affected", "version": "2.7.x", "lessThan": "2.7.4.14", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "We have already fixed the vulnerability in the following version:\nQVR Pro 2.7.4.14 and later", "supportingMedia": [{"type": "text/html", "value": "We have already fixed the vulnerability in the following version:<br>QVR Pro 2.7.4.14 and later<br>", "base64": false}]}], "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-26-07"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system.\n\nWe have already fixed the vulnerability in the following version:\nQVR Pro 2.7.4.14 and later", "supportingMedia": [{"type": "text/html", "value": "A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system.<br><br>We have already fixed the vulnerability in the following version:<br>QVR Pro 2.7.4.14 and later<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2026-03-20T16:21:30.440Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22898", "state": "PUBLISHED", "dateUpdated": "2026-03-27T03:55:39.294Z", "dateReserved": "2026-01-13T07:49:08.784Z", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "datePublished": "2026-03-20T16:21:30.440Z", "assignerShortName": "qnap"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system.\n\nWe have already fixed the vulnerability in the following version:\nQVR Pro 2.7.4.14 and later"}], "id": "CVE-2026-22898", "lastModified": "2026-03-24T15:54:09.400", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@qnapsecurity.com.tw", "type": "Secondary"}]}, "published": "2026-03-20T17:16:44.307", "references": [{"source": "security@qnapsecurity.com.tw", "url": "https://www.qnap.com/en/security-advisory/qsa-26-07"}], "sourceIdentifier": "security@qnapsecurity.com.tw", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "security@qnapsecurity.com.tw", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[2.7.x,2.7.4.14)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "product": "qvr_pro", "vendor": "qnap_systems"}], "analysis": {"en": {"generated_at": "2026-03-20T17:24:44.468612+00:00", "value": {"mitigation_remediation": ["Apply the QVR Pro 2.7.4.14 patch or newer to fix the missing authentication flaw.", "Verify after update that the critical function is protected by proper authentication.", "If immediate patching is not possible, isolate the QVR Pro device from untrusted networks or disable the affected feature if such an option exists.", "Check QNAP's security advisory page for any additional recommendations."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized Access"}, "threat_synthesis": {"affected_systems": "QNAP Systems Inc's QVR Pro software is affected. The vulnerability applies to versions before QVR Pro 2.7.4.14, which includes all releases prior to that patch. The product is a video recording and surveillance solution deployed on QNAP network storage devices.", "description_and_impact": "A missing authentication check in a critical function of QVR Pro permits remote attackers to obtain system\u2011level access without credentials. This vulnerability allows an attacker to bypass normal authentication controls, potentially leading to unauthorized configuration changes, data exfiltration, or complete takeover of the QVR system.", "risk_and_exploitability": "The CVSS score of 9.3 indicates a high severity, as does the lack of authentication requirement. Exploitability is likely high because the attack requires only remote access to the device, with no special privileges needed. EPSS data is not available, and the vulnerability is not listed in CISA's KEV. The primary attack vector is remote network access to the exposed function, so it is essential to patch promptly."}}}}, "created": "2026-03-23T09:53:20.923427+00:00", "title": "Missing Authentication in QVR Pro Allows Remote Access", "updated": "2026-03-25T14:29:11.054695+00:00", "vendors": ["qnap_systems", "qnap_systems$PRODUCT$qvr_pro"]}