Critical Synology DiskStation Manager Bug Lets Attackers Run Commands
Key Takeaways A critical vulnerability (CVE-2026-32746) has been identified in Synology DiskStation Manager (DSM) and DSMUC, impacting network-attached storage (NAS) systems. The flaw, a buffer...
Key Takeaways
- A critical vulnerability (CVE-2026-32746) has been identified in Synology DiskStation Manager (DSM) and DSMUC, impacting network-attached storage (NAS) systems.
- The flaw, a buffer overflow in the
telnetddaemon, allows unauthenticated remote attackers to execute arbitrary commands with a CVSSv3 score of 9.8. - This poses a severe risk to organizations, as NAS devices often contain sensitive data and backups, making them prime targets for ransomware and data exfiltration.
- Patches are available for most affected DSM versions, and Synology advises immediate updates or disabling the Telnet service as a temporary mitigation.
Critical Flaw in Synology DSM Exposes NAS Devices to Remote Command Execution
A severe security vulnerability in Synology’s DiskStation Manager (DSM) and DSMUC could allow unauthorized attackers to execute arbitrary commands on network-attached storage (NAS) devices. The flaw carries a critical CVSSv3 base score of 9.8, prompting an urgent call for administrators to apply patches.
Table Of Content
Given the pervasive deployment of Synology NAS systems for critical enterprise data management and backup operations, this vulnerability presents a significant risk. Organizations are strongly advised to implement available security updates without delay.
Technical Details of CVE-2026-32746
The vulnerability, tracked as CVE-2026-32746, stems from a buffer overflow (CWE-120) within the telnetd daemon, part of the GNU Inetutils package, specifically affecting versions up to 2.7. This critical defect arises from improper handling of inputs by the LINEMODE SLC (Set Local Characters) suboption handler during active network sessions.
The core problem lies in the add_slc function, which fails to validate whether its buffer is already at capacity. This oversight leads to an out-of-bounds write, a memory corruption error that can be exploited by threat actors. By leveraging this flaw, an attacker can bypass authentication mechanisms entirely and execute malicious commands directly on the host system, gaining full control over the affected NAS device.
High-Value Target for Cybercriminals
NAS devices are consistently high-value targets for various cybercriminal groups, including ransomware operators and data extortionists. These systems frequently house sensitive corporate data, intellectual property, and critical backup repositories, making any remote command-execution vulnerability a severe organizational threat.
A successful unauthenticated compromise could enable threat actors to deploy ransomware payloads, exfiltrate confidential files, or establish persistent backdoors within an organization’s internal network, potentially before any intrusion detection systems register an alert.
Affected Products and Patches
Synology has confirmed that multiple versions of DSM and DSMUC are critically impacted by this vulnerability. The vendor has released firmware upgrades to address the flaw across most affected operating systems.
- Administrators running DSM 7.3 must upgrade to version 7.3.2-86009-3 or newer.
- Those utilizing DSM 7.2.2 need to update to version 7.2.2-72806-8 or later.
- Systems on DSM 7.2.1 require an upgrade to 7.2.1-69057-11 or above.
- For DSMUC 3.1, a critical security patch is currently under active development.
Notably, other enterprise products such as BeeStation OS 1.4, SRM 1.3, and VS600HD 1.2 are not affected by this specific GNU Inetutils vulnerability.
What You Should Do
- Apply Patches Immediately: For all affected DSM versions where patches are available, update your Synology NAS devices to the latest firmware as soon as possible.
- Disable Telnet Service: If you are managing systems with a pending patch, such as DSMUC 3.1, or if immediate patching is not feasible, Synology strongly recommends disabling the Telnet service. This action neutralizes the risk of remote exploitation as the vulnerability specifically requires access to the Telnet protocol.
- Follow Best Practices: To disable Telnet, navigate to the Control Panel, access Terminal settings, uncheck the “Enable Telnet service” option, and click Apply. Disabling Telnet also aligns with modern cybersecurity best practices, as Telnet transmits data in plaintext and is considered an outdated, insecure protocol.
- Monitor Synology Advisories: Stay informed by regularly checking Synology’s official security advisories for updates on patches and recommended mitigations.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.