Important Information Regarding PHPMailer Vulnerability (CVE-2016-10033)
A PHPMailer vulnerability (CVE-2016-10033) in which remote code execution could be performed via command injection has been revealed. However, after further investigation, it has been confirmed that Synology NAS is not affected because we do not employ vulnerable implementation of PHPMailer.
For precautionary purposes, Synology is now working on a DSM 6.0 update to address this issue.
Synology will release a DSM 6.0 update (6.0.2-8451-8) and SRM 1.1.3 to address this issue in the coming weeks.