Synology has issued a critical security alert regarding vulnerabilities in Synology Chat Server, particularly affecting DiskStation Manager (DSM). Key issues include a high-severity vulnerability (CVE-2026-40541) that gives authenticated users read and write access and the potential to disrupt services, posing risks such as data theft and service outages. Two additional medium-severity vulnerabilities (CVE-2026-9548 and CVE-2026-9491) also require attention, as they enable limited file access and information exposure.
To mitigate these risks, system administrators must immediately update to version 2.4.5-22148 or above. Regular audits and prompt updates are essential to maintain network security.
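For the audit step, the following added example (not Synology code) checks an inventory of installed Chat Server versions against the fixed release 2.4.5-22148. The `major.minor.patch-build` format and field-by-field numeric ordering are assumptions inferred from that version string, and the host names and inventory lines are constructed sample data.

```python
import re

FIXED_VERSION = "2.4.5-22148"  # fixed release named in the advisory

# Assumed format: major.minor.patch-build, all numeric.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(text):
    """Turn '2.4.5-22148' into (2, 4, 5, 22148) for numeric comparison."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def is_patched(installed, fixed=FIXED_VERSION):
    """True when the installed version is the fixed release or newer."""
    # Tuples compare numerically, so 2.4.10 sorts after 2.4.5;
    # a plain string comparison would get that case wrong.
    return parse_version(installed) >= parse_version(fixed)


def audit(inventory_lines):
    """Return (host, version, status) for each 'host,version' line."""
    results = []
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        try:
            status = "patched" if is_patched(version) else "VULNERABLE"
        except ValueError:
            # Fail closed: an unreadable version needs manual review.
            status = "UNKNOWN"
        results.append((host.strip(), version.strip(), status))
    return results


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = """\
# host,chat_server_version
nas-01,2.4.5-22148
nas-02,2.4.4-22200
nas-03,2.4.10-23001
nas-04,2.4.5-22147
nas-05,unknown
"""

if __name__ == "__main__":
    for host, version, status in audit(SAMPLE_INVENTORY.splitlines()):
        print(f"{host:8} {version:14} {status}")
```

Hosts reported as `VULNERABLE` or `UNKNOWN` are the ones to update or inspect by hand.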