Critical severity9.8NVD Advisory· Published Mar 20, 2026· Updated Apr 14, 2026
CVE-2026-22898
CVE-2026-22898
Description
A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system.
We have already fixed the vulnerability in the following version: QVR Pro 2.7.4.14 and later
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- www.qnap.com/en/security-advisory/qsa-26-07nvdVendor Advisory
News mentions
1- ZDI-26-292: QNAP TS-453E QVRPro excpostgres Exposed Dangerous Method Remote Code Execution VulnerabilityZero Day Initiative · Apr 15, 2026