A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks.
We have already fixed this vulnerability in the following versions:
QTS 188.8.131.525 build 20210630 and later
QuTS hero h184.108.40.2061 build 20210825 and later
QuTScloud c220.127.116.115 build 20210809 and later