Critical severity9.8NVD Advisory· Published Mar 20, 2026· Updated Apr 14, 2026

CVE-2026-22898

Description

A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system.

We have already fixed the vulnerability in the following version: QVR Pro 2.7.4.14 and later

Affected products

Qnap/Qvr Pro
cpe:2.3:a:qnap:qvr_pro:*:*:*:*:*:*:*:*
Range: >=2.7.1.1259,<2.7.4.1485

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.qnap.com/en/security-advisory/qsa-26-07nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000