CVE-2026-22898CRITICAL 9.8EPSS p47.6%

CVE-2026-22898CVE-2026-22898

Description

A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system. We have already fixed the vulnerability in the following version: QVR Pro 2.7.4.14 and later

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.68% probability of exploitation · percentile 47.6% · 2026-06-19T12:03:05Z
Published2026-03-20
Last modified2026-04-14

Underlying weaknesses· 1

CWE-306

References

  1. https://www.qnap.com/en/security-advisory/qsa-26-07

1

TypeTargetConfidenceTier
WeaknessMissing Authentication for Critical Functioncwe-3060%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-22897
CVE
CVE-2025-29894
CVE
CVE-2026-26236
CVE
CVE-2026-26237
CVE
CVE-2026-22895
CVE
CVE-2025-29892
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.