
QNAP Security Advisory ID: QSA-25-56 on Resolved Vulnerability

Concerning vulnerability in legacy QTS with NFS service enabled

QNAP Systems, Inc. has published a security advisory concerning a resolved vulnerability in legacy QTS with the NFS service enabled.

Release date: January 17, 2026
CVE identifier: CVE-2025-66276
Affected products: QTS 4.3.x
Severity: Moderate
Status: Resolved

Summary
A vulnerability has been reported to affect certain legacy QTS environments utilizing the NFS (Network File System) service. If exploited, the vulnerability allows attackers to perform actions and potentially gain access due to the misconfiguration of NFS settings.

The company has already fixed the vulnerability in the following version:

Affected Product | Fixed Version
QTS 4.3.x | QTS 5.2.x and later

Recommendation
To secure your device, we recommend regularly updating your system to the latest version to benefit from vulnerability fixes. You can check the product support status to see the latest updates available to your NAS model.

QNAP also recommends strengthening NFS access control for your shared folders.

Updating QTS

  1. Log in to QTS as an administrator
  2. Go to Control Panel > System > Firmware Update
  3. Under Live Update, click Check for Update
    The system downloads and installs the latest available update

Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your specific device.

Strengthening NFS Access Control for Shared Folders
QNAP recommends reviewing and adjusting the NFS permission settings (Host / IP / Network and Squash Option) for all affected shared folders. The following steps will help you further strengthen NFS access control and mitigate security risks caused by improper configuration.

  1. Log in to QTS as an administrator
  2. Go to Control Panel > Privilege > Shared Folders > Shared Folder
  3. Identify a shared folder
  4. Under Action, click the Edit Shared Folder Permission icon
    The Edit Shared Folder Permission window opens
  5. Next to Select permission type, select NFS host access
  6. Select Access right
  7. Under Host / IP / Network, replace the wildcard value * with a specific IP address or domain name
    This ensures only specific IP addresses or domain names can access the shared folder via NFS
    Tip: To specify additional IP addresses or domain names, click Add
  8. For each entry, under Squash Option, select Squash all users
    This enforces stricter access control and minimizes the risk of unauthorized privilege usage
  9. Click Apply
    The system saves the shared folder permission settings
  10. Repeat the above steps to configure the NFS settings for additional shared folders
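
The review described in the steps above can be scripted when many shared folders are involved. The following is an added example, not code from QNAP or from the advisory: it flags entries whose host is still a wildcard or that do not squash all users. It assumes the NFS host access entries are available as text in Linux exports(5) syntax and that "Squash all users" corresponds to the all_squash option, neither of which the advisory states for QTS; the function name, share paths and addresses are made up.

```python
import re
import shlex

# Constructed sample in Linux exports(5) syntax; share paths and addresses are made up.
SAMPLE_EXPORTS = """\
# share            client(options)
/share/Public      *(rw,async,no_subtree_check,no_root_squash)
/share/Backups     192.0.2.10(rw,all_squash) 192.0.2.0/24(ro,root_squash)
/share/Media       nas-client.example.com(ro,all_squash,anonuid=65534,anongid=65534)
/share/Scratch     (rw,all_squash)
"""

# One client entry: optional host, optional parenthesised option list.
ENTRY = re.compile(r"^(?P<host>[^()]*)(?:\((?P<opts>[^()]*)\))?$")


def audit_exports(text):
    """Return (share, host, problem) tuples for entries the steps above would change."""
    findings = []
    # Join backslash-continued lines before tokenizing.
    for line in text.replace("\\\n", " ").splitlines():
        tokens = shlex.split(line, comments=True)  # drops '#' comments, honors quoted paths
        if not tokens:
            continue  # blank line or comment
        # A share listed with no client at all is treated like an empty host.
        share, clients = tokens[0], tokens[1:] or [""]
        for client in clients:
            m = ENTRY.match(client)
            if not m:
                findings.append((share, client, "unparseable entry"))
                continue
            host = m.group("host")
            opts = set(filter(None, (m.group("opts") or "").split(",")))
            # An empty host or a bare '*' does not restrict which client may mount.
            if host in ("", "*"):
                findings.append((share, host or "(any)", "wildcard host"))
            # Without all_squash, user and group IDs sent by the client are honoured.
            if "all_squash" not in opts:
                findings.append((share, host or "(any)", "not squashing all users"))
    return findings


if __name__ == "__main__":
    for share, host, problem in audit_exports(SAMPLE_EXPORTS):
        print(f"{share:16} {host:24} {problem}")
```

An empty result means every entry names a specific host or network and squashes all users; each reported line points at a shared folder to revisit in the Edit Shared Folder Permission window.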


Acknowledgements: Víctor A. Morales

Revision History: V1.0 (January 17, 2026) – Published
