QNAP has addressed four significant vulnerabilities in their QuMagie photo management app, impacting versions prior to 2.9.1 and 1.9.56 with a high severity score of 9.8 (CVSSv3). These vulnerabilities allow unauthenticated access to personal media files, AI thumbnails, and album archives, which could potentially lead to identity theft or extortion. The affected CVEs include CVE-2026-44083, CVE-2026-26236, CVE-2026-26237, and CVE-2025-62851.
No confirmed exploitations have yet been reported, but users are advised to update to the latest versions immediately and restrict remote access. The issues primarily focus on information disclosure rather than code execution.