CVE-2026-2237

MEDIUM

Synology Storage Manager < 1.0.1-1100 - Use of HTTP Request With Sensitive Query String

Title source: rule
STIX 2.1

Description

A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local users on Windows to obtain sensitive information.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory
Synology-SA-26:01 Storage Manager
https://www.synology.com/en-global/security/advisory/Synology_SA_26_01

Scores

CVSS v3 6.2
EPSS 0.0009
EPSS Percentile 0.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-598
Status published
Products (2)
Synology/Storage Manager < 1.0.1-1100
synology/storage_manager < 1.0.1-1100
Published May 27, 2026
Tracked Since May 27, 2026