Known Vulnerabilities for products from Synology
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Synology".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Synology can be found at device.report : Synology
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-45003 json | Not Provided | 2026-05-11 | 2026-05-11 | |
| CVE-2026-35635 json | Not Provided | 2026-04-09 | 2026-04-13 | |
| CVE-2026-2237 json | A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager packa... | Not Provided | 2026-05-27 | 2026-06-01 |
| CVE-2025-66593 json | An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files... | Not Provided | 2026-05-27 | 2026-06-01 |
| CVE-2025-66592 json | An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to... | Not Provided | 2026-05-27 | 2026-06-01 |
| CVE-2025-14713 json | Not Provided | 2026-05-27 | 2026-05-27 | |
| CVE-2025-13593 json | Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary... | Not Provided | 2026-05-27 | 2026-06-01 |
| CVE-2025-13392 json | Not Provided | 2026-05-27 | 2026-05-27 | |
| CVE-2025-13167 json | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in contact functionality i... | Not Provided | 2026-05-27 | 2026-05-28 |
| CVE-2025-12686 json | Not Provided | 2026-05-27 | 2026-05-27 | |
| CVE-2024-47272 json | Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.... | Not Provided | 2026-05-27 | 2026-05-28 |
| CVE-2024-47271 json | Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575... | Not Provided | 2026-05-27 | 2026-05-28 |
| CVE-2024-47270 json | Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.... | Not Provided | 2026-05-27 | 2026-05-28 |
| CVE-2024-47269 json | Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station be... | Not Provided | 2026-05-27 | 2026-05-28 |
| CVE-2024-47268 json | Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-957... | Not Provided | 2026-05-27 | 2026-05-28 |
| CVE-2024-47267 json | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality ... | Not Provided | 2026-05-27 | 2026-05-28 |
| CVE-2024-0854 json | 5.4 - MEDIUM | 2024-01-24 | 2024-01-30 | |
| CVE-2023-52945 json | Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 a... | Not Provided | 2026-05-27 | 2026-05-29 |
| CVE-2023-41741 json | Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) be... | 7.5 - HIGH | 2023-08-31 | 2023-11-07 |
| CVE-2023-41740 json | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Rou... | 5.3 - MEDIUM | 2023-08-31 | 2023-11-07 |
Known software with vulnerabilities from Synology
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Synology | Application Service | 1.0.0-0022 |
| Application | Synology | Assistant | 2.2-1062 |
| Application | Synology | Audio Station | 4.0-2307 |
| Application | Synology | Calendar | 1.0.0-0121 |
| Application | Synology | Carddav Server | 5.2.0-0019 |
| Application | Synology | Chat | 1.0.0-0126 |
| Application | Synology | Cloud Station | 1.1-2291 |
| Application | Synology | Cloud Station Backup | 4.0-4203 |
| Application | Synology | Cloud Station Drive | 1.0-2197 |
| Application | Synology | Directory Server | - |
| Application | Synology | Diskstation Manager | - |
| Application | Synology | Dns Server | 1.0-0017 |
| Application | Synology | Download Station | 3.2-2295 |
| Application | Synology | Drive | 1.0.0-10240 |
| Hardware | Synology | Ds107 | - |
| Operating System | Synology | Ds107 Firmware | 3.1-1594 |
| Hardware | Synology | Ds116 | - |
| Operating System | Synology | Ds116 Firmware | 5.2-5644-1 |
| Hardware | Synology | Ds213 | - |
| Operating System | Synology | Ds213 Firmware | 4.0-2243 |