What is GHSA-jhw8-2xh3-xhmf?

GHSA-jhw8-2xh3-xhmf is a security advisory published by GitHub Security Advisories with Medium severity. A path traversal vulnerability has been reported to affect several QNAP operating system versions...

Which CVE IDs does GHSA-jhw8-2xh3-xhmf cover?

GHSA-jhw8-2xh3-xhmf covers the following CVE IDs: CVE-2026-24717. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-jhw8-2xh3-xhmf?

GHSA-jhw8-2xh3-xhmf has a CVSS v3 base score of 6.5, published by GitHub Security Advisories.

GHSA-jhw8-2xh3-xhmfMediumCVSS 6.5

A path traversal vulnerability has been reported to affect several QNAP operating system versions...

Vendor

GitHub Security Advisories

Published

June 10, 2026

Last Modified

June 12, 2026

🔗 CVE IDs covered (1)

CVE-2026-24717 →

📋 Description

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.

We have already fixed the vulnerability in the following versions: QTS 5.2.9.3492 build 20260507 and later QuTS hero h5.2.9.3499 build 20260514 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3459 build 20260409 and later

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-24717
https://www.qnap.com/en/security-advisory/qsa-26-34
https://github.com/advisories/GHSA-jhw8-2xh3-xhmf