Heise.De
Critical QNAP QVR Pro Vulnerability Exposes Systems to Remote Attacks
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
QNAP has issued an urgent advisory regarding a critical vulnerability in its QVR Pro application, disclosed on March 21, 2026, identified as CVE-2026-22898. This flaw allows unauthorized remote attackers to access systems without authentication due to a missing security check. Affected systems include those running QVR Pro version 2.7.x, which is widely used for network video surveillance. The vulnerability could enable attackers to view surveillance feeds, alter configurations, or delete video archives, posing significant risks to both physical security and corporate data integrity. Fortunately, QNAP has released a patch in version 2.7.4.1485 to address this issue. Organizations are urged to update their systems immediately to mitigate potential exploitation. Other vulnerabilities in QNAP's software also exist, but the QVR Pro flaw is considered the most critical. As of now, there are no reports of active exploitation of this vulnerability.
Key Points: • CVE-2026-22898 allows remote access without authentication in QVR Pro. • Patch available in QVR Pro version 2.7.4.1485; immediate updates are recommended. • No reports of active exploitation have been confirmed yet.