CVE-2026-2237

Summary

A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local users on Windows to obtain sensitive information.

Affected Software

VendorProductVersion RangeStatus
SynologyStorage Manager* < 1.0.1-1100affected

Weaknesses

  • CWE-598: Use of GET Request Method With Sensitive Query Strings

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References