CVE-2022-49042

HIGH

Synology Hyper Backup Explorer < 3.0.1-0156 - Inclusion of Functionality from Untrusted Control Sphere

Title source: rule
STIX 2.1

Description

An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via unspecified vectors.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory
Release note
https://www.synology.com/en-global/releaseNote/HyperBackupExplorer

Scores

CVSS v3 7.8
EPSS 0.0012
EPSS Percentile 2.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-829
Status published
Products (2)
synology/hyper_backup_explorer < 3.0.1-0156
Synology/Synology Hyper Backup Explorer < 3.0.1-0156
Published Jun 03, 2026
Tracked Since Jun 03, 2026