Vulnerabilities in QuMagie and License Center

Summary

Multiple vulnerabilities have been reported to affect QuMagie:

• CVE-2026-26236: Pre-authentication vulnerability
  An unauthenticated remote attacker may access media files stored in QuMagie, potentially resulting in information disclosure.
   
• CVE-2026-26237: Pre-authentication vulnerability
  An unauthenticated remote attacker may access AI face recognition thumbnails and folder cover images, potentially resulting in information disclosure.
   
• CVE-2026-44083: Unauthorized access vulnerability
  An unauthenticated remote attacker may gain unauthorized access to media files and album archives stored in QuMagie, potentially resulting in information disclosure.
   
• CVE-2025-62851:Path traversal
  An authenticated administrator may access files outside the intended directory due to a path traversal vulnerability in qlicenseRequest.cgi.
   

We have already fixed the vulnerabilities in the following version:

Recommendation

To secure your device, we recommend regularly updating your system to the latest version to benefit from vulnerability fixes. You can check the product support status to see the latest updates available to your NAS model.

Updating QuMagie

1. Log on to QTS or QuTS hero as an administrator.
2. Open App Center and then click .
   A search box appears.
3. Type "QuMagie" and then press ENTER.
   QuMagie appears in the search results.
4. Click Update.
   A confirmation message appears.
   Note: The Update button is not available if your QuMagie is already up to date.
5. Click OK.
   The system updates the application.

Updating License Center

1. Log on to QTS or QuTS hero as an administrator.
2. Open App Center and then click .
   A search box appears.
3. Type "License Center" and then press ENTER.
   License Center appears in the search results.
4. Click Update.
   A confirmation message appears.
   Note: The Update button is not available if your License Center is already up to date.
5. Click OK.
   The system updates the application.