Qnap QTS and QuTS hero Improper Neutralization of CRLF Sequences (CVE-2024-14026)

Version 1.2 Mar 24, 2026, 11:39 AM CVSS metrics ("CVSSv2 score" set to 6.8) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C") CVSS metrics ("CVSSv3 score" set to 7.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H") CVSS metrics ("Cvssv4 score" set to 5.4) CVSS metrics ("Cvssv4 threat score" set to 2.0) CVSS metrics ("Cvssv4 threat vector" set to "CVSS:4.0/E:U") CVSS metrics ("Cvssv4 vector" set to "CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C") CVSSv2 severity (based on CVE-2024-14026, severity decreased from "High" to "Medium") CVSSv4 severity (based on None, severity decreased from "High" to "Medium") Exploit attributes ("Exploit available" set to "False") Exploit attributes ("Exploitability ease" set to "No known exploits are available") Plugin Feed: 202603241139
Version 1.1 Mar 23, 2026, 8:09 PM New Plugin Feed: 202603232009

* Changelogs are generally available for changes made after Nov 1, 2022