What are you looking for ?
Mobile Search Icon
Mobile Menu Icon
VergeIO
RAIDON

QNAP Security Advisory Bulletin ID: QSA-26-16

Affected products: QTS on specific QNAP ARM64 NAS models running Kernel 5.10

This is a Press Release edited by StorageNewsletter.com on June 22, 2026 at 2:00 pm

QNAP Systems, Inc. has issued a security advisory regarding a vulnerability that could affect specific versions of its products. Use the following information and recommendations to mitigate exposure while official security updates are being prepared.

This advisory includes the following:

Local Privilege Escalation Vulnerability in Linux Kernel (Copy Fail)

Security ID: QSA-26-16
Release date: May 2, 2026
CVE identifier: CVE-2026-31431
Severity: Moderate
Status: Investigating
Affected products: QTS on specific QNAP ARM64 NAS models running Kernel 5.10

Summary
A local privilege escalation vulnerability, commonly known as ‘Copy Fail’, has been reported to affect the Linux kernel. If exploited, this vulnerability could allow an authenticated, non-administrator user with code execution capabilities to obtain elevated system privileges.

This vulnerability specifically affects systems that meet both of the following criteria:

  1. Architecture: ARM64.
  2. Kernel Version: Linux Kernel 5.10.

QNAP is currently investigating the issue and developing security updates. This advisory will be updated as soon as fixes are available.

Affected Products
The following OS versions are affected:

  • QTS on specific QNAP ARM64 NAS models running Kernel 5.10

To verify your NAS architecture and kernel version, log in to QTS or check the technical specifications for your model here.

Products Not Affected
The following products and configurations are not impacted by this vulnerability:

  • All QNAP x86-based NAS
  • All QuTS hero NAS models
  • QNAP ARM-based NAS running QTS 4.x (these utilize older kernel versions)
  • QNAP ARM-based NAS running kernel versions other than 5.10

Recommendation
Currently, no official mitigation is available for this vulnerability. the company strongly recommend users install security updates immediately upon release.

To reduce exposure on potentially affected devices, QNAP recommends following security measures:

  • Restrict Access: Avoid granting shell access or terminal permissions to non-administrator users
  • Container Security: Limit container deployments to trusted images and restrict environment access within Container Station
  • Disable Unused Services: Disable the Web Server (default port 80) and other non-essential applications if not in use
  • Network Protection: Ensure the NAS is not directly exposed to the internet. Use QuFirewall or external network firewalls to restrict access

Articles_bottom
SNL Awards_2026
AIC