CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-22902

A command injection vulnerability has been reported to affect QuNetSwitch. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 28.2%

CVSS Severity

CVSS v3 Score 6.7

References

https://www.qnap.com/en/security-advisory/qsa-26-11

Products affected by CVE-2026-22902

Qnap » Qunetswitch » Version: N/A

cpe:2.3:a:qnap:qunetswitch:-
Qnap » Qunetswitch » Version: 1.0.1

cpe:2.3:a:qnap:qunetswitch:1.0.1
Qnap » Qunetswitch » Version: 1.0.5.0623

cpe:2.3:a:qnap:qunetswitch:1.0.5.0623
Qnap » Qunetswitch » Version: 1.0.5.0625

cpe:2.3:a:qnap:qunetswitch:1.0.5.0625
Qnap » Qunetswitch » Version: 1.0.6.1509

cpe:2.3:a:qnap:qunetswitch:1.0.6.1509
Qnap » Qunetswitch » Version: 1.0.6.1519

cpe:2.3:a:qnap:qunetswitch:1.0.6.1519

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-22902

Products

Pricing

Contact Us