Synology, QNAP
This page is grounded in the current research notes and official-source dataset, then organized into a cleaner public landing page.
| Vendor | Update | Fixed version(s) | Published | Source |
|---|---|---|---|---|
| QNAP QTS / QuTS hero / QuTScloud Linux kernel | QSA-26-17 Dirty Frag Linux kernel privilege-escalation advisory QNAP warned that the Linux kernel "Dirty Frag" privilege-escalation flaw affects most current QNAP NAS operating systems, with no patch yet and interim guidance to restrict shell access, avoid privileged containers, disable unused services, and keep NAS off direct internet exposure. | No official QNAP patch yet; follow QSA-26-17 mitigations and monitor the advisory for release availability | 2026-05-11 | Official source ↗ |
| Synology DSM | Synology-SA-26:06 DSM security update Synology published a broad DSM advisory covering 11 vulnerabilities and gave explicit fixed releases across current supported DSM branches. | DSM 7.3.2-86009-2+ DSM 7.2.2-72806-7+ DSM 7.2.1-69057-10+ | 2026-04-15 | Official source ↗ |
| Synology DSM / Mail Station | Synology-SA-26:04 Mail Station security update Synology published a Mail Station package advisory for DSM with a clear fixed package build across current DSM branches. | Mail Station 30000001.3.19-20332+ for DSM 7.3 Mail Station 30000001.3.19-20332+ for DSM 7.2.2 and 7.2.1 | 2026-03-31 | Official source ↗ |
| Synology DSM / GNU Inetutils telnetd | Synology-SA-26:03 DSM critical security update Synology disclosed a critical DSM update for GNU Inetutils telnetd with explicit fixed releases for supported DSM branches. | DSM 7.3.2-86009-3+ DSM 7.2.2-72806-8+ DSM 7.2.1-69057-11+ | 2026-03-19 | Official source ↗ |
| QNAP QTS / QuTS hero | QSA-25-50 Multiple Vulnerabilities in QTS and QuTS hero QNAP published a broad QTS and QuTS hero advisory covering null-pointer dereference, buffer overflow, out-of-bounds read, format string, and resource exhaustion issues across current NAS operating system branches. | QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later | 2026-01-03 | Official source ↗ |
| Synology DSM / Storage Manager | Synology-SA-26:01 Storage Manager Synology released a Storage Manager package security update for DSM 7.3 and DSM 7.2.x after disclosing a local information exposure issue. | 1.0.1-1100 or above | 2026-02-09 | Official source ↗ |
| QNAP QTS / QuTS hero | QSA-25-45 Multiple Vulnerabilities in QTS and QuTS hero (PWN2OWN 2025) QNAP disclosed PWN2OWN-linked QTS and QuTS hero vulnerabilities including command injection, SQL injection, null-pointer dereference, and authentication bypass, with fixed builds for both 5.2 and 5.3-era NAS software tracks. | QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later | 2025-11-08 | Official source ↗ |