QNAP warns its Windows backup software is also affected by critical ASP.NET flaw

QNAP has issued a warning that its Windows backup software is vulnerable to a critical ASP.NET flaw, expanding the scope of affected products beyond its NAS devices. This vulnerability, identified as CVE-2023-26360, allows attackers to execute arbitrary code remotely, posing a significant security risk to users. The flaw stems from improper input validation in the ASP.NET Core framework, which QNAP's backup software utilizes. Cybersecurity experts emphasize the urgency of applying patches and updates released by QNAP to mitigate potential exploitation. The company has provided detailed guidance for users to secure their systems and prevent unauthorized access. This incident highlights the broader impact of ASP.NET vulnerabilities on various software platforms and the importance of timely updates in cybersecurity defense strategies. Organizations using QNAP's backup solutions are advised to review their security posture and implement recommended measures promptly to avoid compromise.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 27 Oct 2025 16:55:15 +0000

