SYNOLOGY has released a series of essential or critical updates for DSM in response to a Telnet‑related vulnerability designated as CVE-2026-24061, which primarily concerns the telnetd process within the DSM terminal functionality. The company notes the flaw carries a high risk rating and urges users to move to the latest software iteration, especially if Telnet services are required.
Although DSM generally disables terminal services by default, the vulnerability resides in core system files and can degrade the system’s security posture even when Telnet is inactive. A successful attack could enable local privilege escalation if an attacker gains entry from a secondary, low‑privilege environment, making the updates the prudent route to preserve the device’s overall security perimeter.
Affected lines and their required updates include: DSM 7.3 series before 7.3.2-86009, DSM 7.2.2 series to 7.2.2-72806-5 or higher, and DSM 7.3.1 series to 7.3.1-86003 Update 1 or higher.