CVE-2022-49036
Description
Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 has a vulnerability allowing local code execution via untrusted control sphere inclusion.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 has a vulnerability allowing local code execution via untrusted control sphere inclusion.
Vulnerability
An inclusion of functionality from untrusted control sphere vulnerability exists in the OpenSSL configuration within Synology Active Backup for Business Recovery Media Creator. This vulnerability affects versions prior to 2.5.0-2081 and allows local users to execute arbitrary code through unspecified vectors.
Exploitation
An attacker with local user access to the affected system can exploit this vulnerability. The specific vectors are not disclosed, but the attack involves an "inclusion of functionality from untrusted control sphere" in the OpenSSL configuration.
Impact
Successful exploitation of this vulnerability allows a local user to execute arbitrary code on the affected system. This could lead to a full compromise of the system with the privileges of the user running the affected software.
Mitigation
Synology released an update to version 2.5.0-2081 to address this vulnerability. Users are advised to update to this version or later. The release notes indicate a staged rollout for this version [1].
AI Insight generated on Jun 3, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <2.5.0-2081
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
1- Synology: Five Vulnerabilities Disclosed, Including Two High-Severity Code Execution FlawsVypr Intelligence · Jun 3, 2026