SB2026051268 - Local privilege escalation in QNAP QuTS products
Published: May 12, 2026 Updated: May 25, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Resource management error (CVE-ID: CVE-2026-43284)
CWE-ID: CWE-399 - Resource Management Errors
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/U:Amber
The vulnerability allows a local user to escalate privileges on the system.
The xfrm-ESP Page-Cache Write vulnerability exists due to improper management of internal resources in esp_input() function in net/ipv4/esp4.c and esp6_input() function in net/ipv6/esp6.c. A local user can execute arbitrary code with root privileges.
Note, this is one of two vulnerabilities reported as Dirty Frag.
2) Resource management error (CVE-ID: CVE-2026-43500)
CWE-ID: CWE-399 - Resource Management Errors
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/U:Amber
The vulnerability allows a local user to escalate privileges on the system.
The RxRPC Page-Cache Write vulnerability exists due to improper management of internal resources. A local user can execute arbitrary code with root privileges.
Note, this vulnerability is one of two issues described as Dirty Frag.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.