Security News

Cybersecurity news aggregator

🔓
CRITICAL Vulnerabilities HKCERT

QNAP NAS Elevation of Privilege Vulnerability

qnap-nascve-2026-31431elevation-of-privilegekev-boostedmitre-ta0004
A local privilege escalation vulnerability (CVE-2026-31431, CVSS 7.8 HIGH) in the Linux kernel allows an attacker with local access to gain elevated privileges on affected systems. The vulnerability affects QNAP ARM64 NAS models running QTS with specific Linux kernel versions, including kernel versions from 4.14 to less than 5.10.254, 5.11 to less than 5.15.204, 5.16 to less than 6.1.170, 6.2 to less than 6.6.137, and 6.7 to less than 6.12.85. QNAP has released a security advisory (QSA-26-16) with fixes; administrators should upgrade their kernel to a patched version such as 5.10.254, 5.15.204, 6.1.170, 6.6.137, 6.12.85, 6.18.22, or 6.19.12.
Read Full Article →

A vulnerability was identified in QNAP NAS. A local attacker can exploit this vulnerability to trigger elevation of privilege on the targeted system. Note: CVE-2026-31431 is being exploited in the wild. A local privilege escalation vulnerability, commonly known as "Copy... Impact Elevation of Privilege System / Technologies affected QTS on specific QNAP ARM64 NAS models running Kernel 5.10 Solutions Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor: https://www.qnap.com/en/security-advisory/qsa-26-16

Related Articles

CRITICAL Linux Kernel Elevation of Privilege Vulnerability HKCERT CRITICAL New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions The Hacker News CRITICAL Copy Fail (CVE-2026-31431): Frequently asked questions about Linux kernel privilege escalation vulnerability Tenable Research CRITICAL ‘Trivial’ exploit can give attackers root access to Linux kernel CSO Online
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn