CVE-2026-22895 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A cross-site scripting (XSS) vulnerability has been reported to affect QuFTP Service. If a remote attacker gains an administrator account, they can then exploit…
Low CVSS: 2.2

CVE-2026-22895

A cross-site scripting (XSS) vulnerability has been reported to affect QuFTP Service. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data.

We have already fixed the vulnerability in the following versions:
QuFTP Service 1.4.3 and later
QuFTP Service 1.5.2 and later
QuFTP Service 1.6.2 and later
Vendor
-
Product
-
CWE
CWE-79
Yayın Tarihi
2026-03-20 17:16:43
Güncelleme
2026-03-24 15:54:09
Source Identifier
security@qnapsecurity.com.tw
KEV Date Added
-

Kategoriler

CWE-79 LOW 2026

Referanslar

https://www.qnap.com/en/security-advisory/qsa-26-15