Official sources used
Synology security advisories and QNAP security advisories/download center
This page keeps the editorial layer narrow: highlight the most useful official advisories, surface the fixed builds plainly, and link readers back to the vendor for the actual update path.
Synology2026-04-15
Synology-SA-26:06 DSM security update
Synology published a broad DSM advisory covering 11 vulnerabilities and, importantly, spelled out minimum fixed releases across DSM 7.3, 7.2.2, and 7.2.1 instead of leaving operators to infer patch targets.
Fixed versionsDSM 7.3.2-86009-2+, DSM 7.2.2-72806-7+, DSM 7.2.1-69057-10+
Why it mattersIt is exactly the kind of high-signal NAS advisory that makes the site more useful and more credible as a fixed-version reference asset.
Synology2026-03-19
Synology-SA-26:03 DSM critical security update
Synology warned that CVE-2026-32746 in GNU Inetutils telnetd could allow unauthenticated remote command execution and published fixed DSM builds by branch.
Fixed versionsDSM 7.3.2-86009-3+, DSM 7.2.2-72806-8+, DSM 7.2.1-69057-11+
Why it mattersCritical DSM advisories with explicit fixed builds strengthen the site's claim that it highlights patch targets, not just headlines.
Synology2025-05-29
Synology-SA-25:07 SMB Service
Synology says this SMB Service issue could allow remote authenticated users to write to limited files, and it published fixed package versions by DSM track.
Fixed versionsDSM 7.2: 4.15.13-2502 or above; DSM 7.1: 4.15.9-0644 or above
Why it mattersIt is a good example of the kind of package-level advisory Synology handles clearly enough for operators to act on quickly.
QNAP2026-05-11
QSA-26-17 Dirty Frag Linux kernel privilege-escalation advisory
QNAP says the Linux kernel "Dirty Frag" flaw affects all QNAP x86-based NAS models, all ARM64-based NAS models, all QuTS hero NAS models, and all QuTScloud instances. There is no official patch yet, but the advisory gives concrete interim mitigation steps while operators wait for release availability.
Current statusNo official QNAP patch yet; restrict shell access, avoid privileged containers, disable unused services, and keep NAS off direct internet exposure.
Why it mattersThis is a good example of a mitigation-first advisory that is still worth indexing because the official source names broad affected scope and gives immediate operator guidance.
QNAP2026-01-03
QSA-25-50 multiple vulnerabilities in QTS and QuTS hero
QNAP published a broad advisory covering current NAS operating system branches and provided fixed builds across both QTS and QuTS hero tracks.
Fixed buildsQTS 5.2.7.3256 build 20250913+, QuTS hero h5.2.7.3256 build 20250913+, QuTS hero h5.3.1.3250 build 20250912+
Why it mattersThese broader advisories are useful because they collapse many vulnerabilities into a concrete minimum target version by branch.
QNAP2025-11-08
QSA-25-45 multiple vulnerabilities in QTS and QuTS hero (PWN2OWN 2025)
QNAP ties this advisory to PWN2OWN 2025 and lists command injection, SQL injection, authentication bypass, and memory handling issues across supported tracks.
Fixed buildsQTS 5.2.7.3297 build 20251024+, QuTS hero h5.2.7.3297 build 20251024+, QuTS hero h5.3.1.3292 build 20251024+
Why it mattersPWN2OWN-linked advisories tend to attract search demand and are strong candidates for durable static coverage.
QNAP2025-08-29
QSA-25-21 multiple vulnerabilities in QTS and QuTS hero
QNAP lists a broad mix of command injection, path traversal, denial-of-service, and memory corruption issues and again gives a direct fixed-build target by branch.
Fixed buildsQTS 5.2.5.3145 build 20250526+, QuTS hero h5.2.5.3138 build 20250519+
Why it mattersIt shows why QNAP is worth covering: the advisories are busy, but still structured enough to normalize cleanly.