Vulnerability intelligence

CVE-2026-26237

A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later

CVSS Score

6.6

Medium

EPSS — Exploit Probability

0.3%

Riskier than 20% of all CVEs

Exploitation

Not in CISA KEV

No federal exploitation record

Remediation

unknown

Check vendor advisories

NVD entry PoC / advisory

1 article across 1 outlet · first covered Jun 22, 2026 · latest Jun 22, 2026

Coverage timeline

QNAP patches critical QuMagie flaws exposing private photos
securityonline.info · Jun 22, 2026