613 CVEs

14 in CISA KEV

qnap Vulnerabilities

CVE security advisories and vulnerability history for qnap.

613

Total CVEs

Published

14

In CISA KEV

Exploited in the wild

34

Public exploits

With known exploit

5.6

Avg CVSS

2009–2026

Overview

qnap has 613 published CVE records since 2009, of which 14 are in CISA's Known Exploited Vulnerabilities catalog and 34 have a known public exploit. The average CVSS base score across scored CVEs is 5.6.

This page aggregates every publicly disclosed vulnerability (CVE) affecting qnap products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of qnap's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical45

High135

Medium212

Low119

102 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

14

14 of qnap's CVEs are confirmed exploited in the wild.

Public exploits

34

34 of qnap's CVEs have a known public exploit available.

Most affected products

The qnap products with the most published CVEs.

QTS310 CVEs
QuTS hero240 CVEs
QuTScloud76 CVEs
Qsync Central63 CVEs
File Station 548 CVEs
file station48 CVEs
quts_hero27 CVEs
Photo Station26 CVEs

Common weakness types

The CWE weakness categories most often found in qnap CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish qnap CVE records.

Disclosure activity by year

How many qnap CVEs were published each year.

2019

14

2020

32

2021

54

2022

22

2023

37

2024

146

2025

141

2026

97

Latest qnap CVEs

The most recently disclosed vulnerabilities affecting qnap.

Media Streaming Add-on
CWE-121
Low · CVSS 2.7
EPSS 0.1%2026-03-20
QuRouter
CWE-923
Low · CVSS 0.9
EPSS 0.0%2026-03-20
QuRouter
CWE-1390
Medium · CVSS 4.0
EPSS 0.0%2026-03-20
QuRouter
CWE-150
Medium · CVSS 5.6
EPSS 0.0%2026-03-20
QuRouter
CWE-89
High · CVSS 7.3
EPSS 0.0%2026-03-20
QuFTP Service
CWE-79
Low · CVSS 2.2
EPSS 0.1%2026-03-20
QuNetSwitch
CWE-78
High · CVSS 8.1
EPSS 0.4%2026-03-20
QVR Pro
CWE-306
Critical · CVSS 9.3
EPSS 0.6%2026-03-20
QuNetSwitch
CWE-798
Medium · CVSS 6.8
EPSS 0.2%2026-03-20
QuNetSwitch
CWE-78
Medium · CVSS 6.3
EPSS 0.5%2026-03-20
QuNetSwitch
CWE-78
Medium · CVSS 5.7
EPSS 0.0%2026-03-20
Hyper Data Protector
CWE-259
Medium · CVSS 6.6
EPSS 0.2%2026-03-12

Track new qnap CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor qnap CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

Unisoc (Shanghai) Technologies Co., Ltd.647 CVEs unisoc635 CVEs moodle633 CVEs Campcodes631 CVEs mcafee607 CVEs arubanetworks604 CVEs freebsd594 CVEs symantec582 CVEs

Browse all vendors

Frequently asked questions

Common questions about qnap vulnerabilities.

How many CVEs does qnap have?

qnap has 613 published CVE records since 2009, including 238 in the last two years.

How many qnap CVEs are in CISA KEV?

Yes — 14 of qnap's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which qnap products have the most CVEs?

The qnap products with the most published CVEs are QTS, QuTS hero, QuTScloud, Qsync Central, File Station 5.

What are the most common weakness types in qnap CVEs?

qnap's CVEs most often map to these CWE weakness types: CWE-476 (NULL Pointer Dereference), CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')).

Are there public exploits for qnap vulnerabilities?

Yes — 34 of qnap's CVEs have a known public exploit.

How many critical qnap vulnerabilities are there?

qnap has 45 critical and 135 high-severity CVEs.

What is the average severity of qnap CVEs?

The average CVSS base score across qnap's scored CVEs is 5.6.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track qnap vulnerabilities

Monitor new qnap vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing