6.2
CVE-2026-2237
- EPSS 0.09%
- Veröffentlicht 27.05.2026 08:44:29
- Zuletzt bearbeitet 02.06.2026 10:16:20
- Quelle security@synology.com
- CVE-Watchlists
- Unerledigt
A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local users on Windows to obtain sensitive information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Synology ≫ Storage Manager Version < 1.0.1-1100
Synology ≫ Diskstation Manager Version7.2.1
Synology ≫ Diskstation Manager Version7.2.2
Synology ≫ Diskstation Manager Version7.3
Synology ≫ Diskstation Manager Version7.2.2
Synology ≫ Diskstation Manager Version7.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.007 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| security@synology.com | 6.2 | 2.5 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-598 Use of HTTP Request With Sensitive Query String
The web application uses an HTTP method to process a request, but the request includes sensitive information in the query string.
https://www.synology.com/en-global/security/advisory/Synology_SA_26_01