Known Vulnerabilities for products from Synology
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Synology".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Synology can be found at device.report : Synology
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-45003 json | Not Provided | 2026-05-11 | 2026-05-11 | |
| CVE-2026-35635 json | Not Provided | 2026-04-09 | 2026-04-13 | |
| CVE-2026-3091 json | An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or w... | Not Provided | 2026-02-24 | 2026-06-02 |
| CVE-2026-2237 json | A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager packa... | Not Provided | 2026-05-27 | 2026-06-02 |
| CVE-2025-66593 json | Not Provided | 2026-05-27 | 2026-06-02 | |
| CVE-2025-66592 json | An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to... | Not Provided | 2026-05-27 | 2026-06-02 |
| CVE-2025-30028 json | A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files. | Not Provided | 2026-05-27 | 2026-06-02 |
| CVE-2025-14713 json | Not Provided | 2026-05-27 | 2026-05-27 | |
| CVE-2025-13593 json | Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary... | Not Provided | 2026-05-27 | 2026-06-02 |
| CVE-2025-13392 json | Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-... | Not Provided | 2026-05-27 | 2026-06-02 |
| CVE-2025-13167 json | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in contact functionality i... | Not Provided | 2026-05-27 | 2026-05-28 |
| CVE-2025-12686 json | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS... | Not Provided | 2026-05-27 | 2026-06-02 |
| CVE-2025-10466 json | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Safe Access in Synology... | Not Provided | 2026-05-27 | 2026-06-02 |
| CVE-2024-47272 json | Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.... | Not Provided | 2026-05-27 | 2026-05-28 |
| CVE-2024-47271 json | Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575... | Not Provided | 2026-05-27 | 2026-05-28 |
| CVE-2024-47270 json | Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.... | Not Provided | 2026-05-27 | 2026-05-28 |
| CVE-2024-47269 json | Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station be... | Not Provided | 2026-05-27 | 2026-05-28 |
| CVE-2024-47268 json | Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-957... | Not Provided | 2026-05-27 | 2026-05-28 |
| CVE-2024-47267 json | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality ... | Not Provided | 2026-05-27 | 2026-05-28 |
| CVE-2024-11399 json | Files or directories accessible to external parties vulnerability in redis-server component in Synology BeeDrive for desktop ... | Not Provided | 2026-05-27 | 2026-06-02 |
Known software with vulnerabilities from Synology
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Synology | Application Service | 1.0.0-0022 |
| Application | Synology | Assistant | 2.2-1062 |
| Application | Synology | Audio Station | 4.0-2307 |
| Application | Synology | Calendar | 1.0.0-0121 |
| Application | Synology | Carddav Server | 5.2.0-0019 |
| Application | Synology | Chat | 1.0.0-0126 |
| Application | Synology | Cloud Station | 1.1-2291 |
| Application | Synology | Cloud Station Backup | 4.0-4203 |
| Application | Synology | Cloud Station Drive | 1.0-2197 |
| Application | Synology | Directory Server | - |
| Application | Synology | Diskstation Manager | - |
| Application | Synology | Dns Server | 1.0-0017 |
| Application | Synology | Download Station | 3.2-2295 |
| Application | Synology | Drive | 1.0.0-10240 |
| Hardware | Synology | Ds107 | - |
| Operating System | Synology | Ds107 Firmware | 3.1-1594 |
| Hardware | Synology | Ds116 | - |
| Operating System | Synology | Ds116 Firmware | 5.2-5644-1 |
| Hardware | Synology | Ds213 | - |
| Operating System | Synology | Ds213 Firmware | 4.0-2243 |