Ddos 
QNAP Systems, Inc. has issued a critical security advisory for users of its QVR Pro surveillance solution. A high-severity vulnerability, tracked as CVE-2026-22898 with a CVSS score of 9.3, could allow remote attackers to bypass authentication and gain full access to sensitive surveillance systems.
As QVR Pro is a central hub for managing IP cameras and recording footage, this flaw represents a significant privacy and security risk for both home and enterprise users.
The vulnerability is rooted in a “missing authentication for critical function” error. In a secure environment, any request to access administrative or system-level functions should require valid credentials. However, this flaw allows a remote actor to skip the login process entirely.
By exploiting this “open door,” an attacker could potentially view live camera feeds, access archived recordings, or alter system configurations without ever needing a username or password.
The vulnerability specifically impacts the QVR Pro 2.7.x branch. QNAP has moved quickly to address the issue and has already released a patched version of the software.
| Affected Product | Fixed Version |
| QVR Pro 2.7.x | QVR Pro 2.7.4.1485 and later |
To secure your surveillance data, QNAP strongly recommends updating QVR Pro to the latest version immediately. Administrators can perform the update through the QTS or QuTS hero interface:
- Log on to your QNAP NAS as an administrator.
- Open the App Center and use the search box to find “QVR Pro“.
- If an update is available, click the Update button.
- Click OK on the confirmation message to begin the installation.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
