Published Mar 16, 2026 · Updated May 18, 2026 · 1 source

Pwn2Own 2026: QNAP TS-453E Malware Remover Flaw Allows Unauthenticated Root Code Execution

A critical code injection vulnerability in the malware_remover.cgi endpoint of QNAP TS-453E devices, disclosed at Pwn2Own, allows unauthenticated network-adjacent attackers to execute arbitrary Python code with root privileges.

A critical vulnerability in the QNAP TS-453E network-attached storage device was disclosed on March 16, 2026, as part of the Pwn2Own hacking contest. Tracked as CVE-2025-11837 and assigned a CVSS score of 8.8, the flaw resides in the `malware_remover.cgi` endpoint of the QNAP TS-453E. It allows unauthenticated attackers who are network-adjacent to the device to execute arbitrary Python code with root privileges, effectively giving them full control over the affected NAS.

The root cause of the vulnerability is a code injection flaw stemming from improper validation of user-supplied input before it is used in a Python execution context. Specifically, the `malware_remover.cgi` endpoint fails to sanitize or validate a string parameter before passing it to a Python interpreter. An attacker can craft a malicious request that injects arbitrary Python code, which is then executed with the highest system privileges (root). This type of flaw is particularly dangerous in embedded devices like NAS units, which often serve as central storage repositories for sensitive data.
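As an added illustration that is not QNAP's code and not part of the original report, the following constructed Python shows the pattern the advisory describes (a request parameter spliced into source text and handed to the interpreter) beside a hardened handler that allowlists the value and passes it to the scan routine as data; the function names, the parameter format and the sentinel used in the comments are hypothetical.

```python
import re

# Constructed, hypothetical stand-in for a scan routine. It only records what
# it was asked to scan so the two handlers below can be compared.
def scan_path(target: str) -> dict:
    return {"scanned": target}


def handle_request_vulnerable(param: str) -> dict:
    """Vulnerable pattern (constructed, not QNAP's code).

    The request parameter is spliced into Python source and exec'd. Any
    value that closes the string literal is interpreted as code, and it runs
    with the privileges of the CGI process (root on the affected NAS).
    """
    namespace: dict = {"scan_path": scan_path}
    source = f"result = scan_path('{param}')"
    exec(source, namespace)  # user-controlled text reaches the interpreter
    return namespace


# Hardened pattern: validate against a strict allowlist (hypothetical format:
# a relative path of letters, digits, '_', '.', '/', '-') and never route the
# value through exec/eval. The value is data, so closing quotes, ';', '#' or
# newlines are simply rejected instead of becoming statements.
_PARAM_RE = re.compile(r"^[A-Za-z0-9_./-]{1,128}$")


def is_safe_param(param: str) -> bool:
    """True only for values that match the allowlist and contain no '..'."""
    return bool(_PARAM_RE.fullmatch(param)) and ".." not in param


def handle_request_hardened(param: str) -> dict:
    if not is_safe_param(param):
        raise ValueError("rejected request parameter")
    return scan_path(param)  # passed as an argument, not as source text
```

The vulnerable handler's namespace shows the injected assignment executing; the hardened handler refuses the same input before any interpreter call.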

The vulnerability was discovered and reported by researcher Chumy Tsai (github.com/Jimmy01240397), an intern at CyCraft Technology. It was demonstrated at the Pwn2Own Berlin 2026 competition, where researchers collectively earned over $1.3 million for 47 zero-day exploits across enterprise and AI products. The QNAP flaw was one of several critical vulnerabilities disclosed during the event, highlighting the ongoing security challenges in consumer and small-business NAS devices.

QNAP has released a security advisory (QSA-25-47) and a corresponding update to address the vulnerability. Users of the TS-453E and potentially other QNAP models are strongly urged to apply the patch immediately. The advisory provides links to the updated firmware and detailed instructions for obtaining it. Given the severity of the flaw and the fact that it was disclosed as part of a public hacking contest, attempts to exploit it in the wild are likely to follow quickly.

The disclosure timeline shows that the vulnerability was reported to QNAP on November 18, 2025, and the coordinated public release occurred on March 16, 2026. This four-month window is typical for responsible disclosure, allowing the vendor time to develop and test a patch before the details become public. The advisory was updated on the same day as the public release, indicating that QNAP had the fix ready in time for the disclosure.

This vulnerability underscores the persistent risk posed by code injection flaws in network-connected devices. NAS devices such as QNAP's are frequently targeted by ransomware groups and other threat actors because they often contain large volumes of valuable data and may not be patched as rigorously as enterprise servers. The fact that this flaw requires only network adjacency—meaning the attacker must be on the same local network or able to reach the device over a VPN—makes it a significant concern for both home users and small businesses that rely on QNAP devices for data storage and backup.

Synthesized by Vypr AI