6.2

CVE-2026-2237

A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local users on Windows to obtain sensitive information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SynologyStorage Manager Version < 1.0.1-1100
   SynologyDiskstation Manager Version7.2.1
   SynologyDiskstation Manager Version7.2.2
   SynologyDiskstation Manager Version7.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.09% 0.007
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
security@synology.com 6.2 2.5 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-598 Use of HTTP Request With Sensitive Query String

The web application uses an HTTP method to process a request, but the request includes sensitive information in the query string.

https://www.synology.com/en-global/security/advisory/Synology_SA_26_01
Vendor Advisory