CVE-2026-26240

Published Jun 10, 2026

Last updated 3 days ago

CVSS medium 5.3

Overview

Description: A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later
Source: security@qnapsecurity.com.tw
NVD status: Analyzed
Products: file_station

Risk scores

CVSS 4.0

Type: Secondary
Base score: 5.3
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: MEDIUM

CVSS 3.1

Type: Primary
Base score: 9.1
Impact score: 5.2
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Severity: CRITICAL

Weaknesses

security@qnapsecurity.com.tw: CWE-121

Hype score: Not currently trending

🚨*CVE* CVE-2026-26240 A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processe… https://t.co/kp5uAG9KX8 ----- Traducción: CVE-2026-26240 Se … https://t.co/utmtNg
@infoflowcloud
10 Jun 2026
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:qnap:file_station:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "93B729A0-2E61-4873-9039-4EF08448BD6F",
            "versionEndExcluding": "5.5.6.5243",
            "versionStartIncluding": "5.5.6.4691",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 4.0

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References