A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network.
We have already fixed the vulnerability in the following versions:
QTS 18.104.22.1684 build 20230906 and later
QTS 22.214.171.1241 build 20230815 and later
QuTS hero h126.96.36.1995 build 20230907 and later
QuTS hero h188.8.131.528 build 20230812 and later
QuTScloud c184.108.40.2068 and later