CVE 8.7 HIGH

QuMagie_CVE-2026-26236

June 9, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions.

We have already fixed the vulnerability in the following version:
QuMagie 2.9.0 and later

AI Analysis

Missing authorization vulnerability allowing remote attackers to access unauthorized data or perform unauthorized actions

Basic Information

ID CVE-2026-26236

Source qnap

Published Jun 9, 2026 at 04:06

Affected Product

Vendor QNAP Systems Inc.

Product QuMagie

Version 2.9.0

Affected Versions QNAP Systems Inc. QuMagie 2.9.0

CWE Classification

CWE-862

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor QNAP Systems Inc.

Product QuMagie

Version < 2.9.0

References

www.qnap.com /en/security-advisory/qsa-26-36

{
    "lastseen": "",
    "description": "A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions.\n\nWe have already fixed the vulnerability in the following version:\nQuMagie 2.9.0 and later",
    "published": "2026-06-09T04:06:37.135Z",
    "modified": "2026-06-09T04:06:37.135Z",
    "type": "cve",
    "title": "QuMagie",
    "source": "qnap",
    "references": "https://www.qnap.com/en/security-advisory/qsa-26-36",
    "id": "CVE-2026-26236",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "QNAP Systems Inc. QuMagie 2.9.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "QuMagie",
    "version": "2.9.0",
    "vendor": "QNAP Systems Inc.",
    "ai_description": "Missing authorization vulnerability allowing remote attackers to access unauthorized data or perform unauthorized actions",
    "ai_severity": "High",
    "ai_vendor": "QNAP Systems Inc.",
    "ai_product": "QuMagie",
    "ai_version": "< 2.9.0",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply