Synology-SA-26:10 Synology Chat Server
Publish Time: UTC+8
Last Updated: UTC+8
- Severity: Important
- Status: Resolved
Abstract
Synology has released a security update for the Synology Chat Server package in DSM to address multiple vulnerabilities:
- CVE-2026-40541 allows remote authenticated users to read or write arbitrary files and conduct denial-of-service attacks.
- CVE-2026-9491 allows remote authenticated users to obtain non-sensitive information.
- CVE-2026-9548 allows remote authenticated users to read or write restricted files and conduct limited denial-of-service attacks.
Please refer to the 'Affected Products' table for the corresponding updates.
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| Synology Chat Server for DSM 7.3 | Important | Upgrade to 2.4.5-22148 or above. |
| Synology Chat Server for DSM 7.2.2 | Important | Upgrade to 2.4.5-22148 or above. |
| Synology Chat Server for DSM 7.2.1 | Important | Upgrade to 2.4.5-22148 or above. |
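To check whether an installed Chat Server build is older than the fixed release in the table above, the following is an added example and not code from Synology or from this advisory. It assumes Synology package versions have the MAJOR.MINOR.PATCH-BUILD form shown in the table (2.4.5-22148) and that a DSM package ships a key="value" INFO file containing a version line (for example /var/packages/Chat/INFO); the path, the package name "Chat" and the sample INFO text are assumptions, not facts taken from the advisory.

```python
"""Check an installed Synology Chat Server build against the fixed release.

Added example, not part of the Synology advisory. Assumptions: package
versions look like MAJOR.MINOR.PATCH-BUILD (e.g. 2.4.5-22148), and the DSM
package INFO file (assumed path /var/packages/Chat/INFO) is a key="value"
file with a `version` line. Adjust if your system differs.
"""
import re
from typing import Tuple

FIXED_VERSION = "2.4.5-22148"  # from the advisory's Affected Products table

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Turn '2.4.5-22148' into (2, 4, 5, 22148) so builds compare numerically,
    not as strings (string comparison would rank '2.4.5-9999' above '2.4.5-22148')."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Synology package version: {version!r}")
    major, minor, patch, build = (int(g) for g in m.groups())
    return (major, minor, patch, build)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed build is strictly older than the fixed release."""
    return parse_version(installed) < parse_version(fixed)


def version_from_info(info_text: str) -> str:
    """Extract the version from a key="value" package INFO file (assumed DSM format)."""
    for line in info_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "version":
            return value.strip().strip('"')
    raise ValueError("no version line in INFO file")


# Constructed sample INFO content (an assumption about the DSM format, not a real file);
# the version 2.4.4-22130 is made up for the example.
SAMPLE_INFO = (
    'package="Chat"\n'
    'version="2.4.4-22130"\n'
    'displayname="Synology Chat Server"\n'
)

if __name__ == "__main__":
    # On a DSM host this would read the real file, e.g. open("/var/packages/Chat/INFO").read()
    installed = version_from_info(SAMPLE_INFO)
    status = "VULNERABLE" if is_vulnerable(installed) else "patched"
    print(f"Chat Server {installed}: {status} (fixed in {FIXED_VERSION})")
```

The comparison is done on integer tuples rather than strings so that a higher build number with fewer digits, or a later patch level with a lower build number, is ordered correctly; anything that does not match the expected four-part shape raises instead of silently comparing wrong.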
Mitigation
None
Detail
CVE-2026-40541
- Severity: Important
- CVSS3 Base Score: 9.0
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2026-9491
- Severity: Moderate
- CVSS3 Base Score: 4.3
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- CWE-918: Server-Side Request Forgery (SSRF)
- ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2026-9548
- Severity: Moderate
- CVSS3 Base Score: 6.5
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Acknowledgement
Lam Jun Rong and Javier Koh, Cyber Specialists of the Digital and Intelligence Service (DIS) working with the Centre for Strategic Infocomm Technologies (CSIT) and Dr Joseph Teo, CSIT
Warisse Valentin (Aytio)
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2026-05-26 | Initial public release. |