HomeIntelligenceBrief
VULNERABILITY BRIEF🔴 Critical Vulnerability

Critical Remote Code Execution in Synology DiskStation Manager (CVE‑2022‑45188) via Netatalk Library Buffer Overflow

A zero‑day buffer overflow (CVE‑2022‑45188) in Synology DiskStation Manager's Netatalk library allows unauthenticated attackers to execute arbitrary code as root. The flaw, demonstrated at Pwn2Own, carries a CVSS score of 9.8 and threatens any organization that relies on Synology NAS devices for storage, backup, or file sharing.

LiveThreat™ Intelligence · 📅 March 17, 2026· 📰 zerodayinitiative.com
🔴
Severity
Critical
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
5 recommended
📰
Source
zerodayinitiative.com

Critical Remote Code Execution in Synology DiskStation Manager (CVE‑2022‑45188) via Netatalk Library Buffer Overflow

What It Is – A newly disclosed zero‑day (ZDI‑26‑187) reveals an unauthenticated buffer‑overflow in the Netatalk library of Synology DiskStation Manager (DSM). The flaw (CVE‑2022‑45188) allows an attacker to execute arbitrary code as root on any vulnerable NAS.

Exploitability – The vulnerability is rated CVSS 9.8 (Critical). No authentication or user interaction is required (AV:N/PR:N/UI:N). Proof‑of‑concept code was demonstrated at the Pwn2Own competition, confirming active exploitability.

Affected Products – Synology DiskStation Manager (all DSM versions prior to the March 2026 security update).

TPRM Impact – Compromised NAS devices can expose sensitive corporate data, serve as footholds for lateral movement, and disrupt critical backup or file‑sharing workflows that third‑party vendors rely on.

Recommended Actions

  • Deploy Synology’s March 2026 DSM security update immediately.
  • Conduct an inventory of all Synology NAS assets across the supply chain and verify patch status.
  • Isolate NAS devices on segmented VLANs and enforce strict firewall rules.
  • Enable DSM’s intrusion detection and monitor for abnormal AFP traffic or unexpected process launches.
  • Review backup integrity and consider re‑imaging any systems that may have been exposed.

Source: Zero Day Initiative Advisory – ZDI‑26‑187

📰 Original Source
http://www.zerodayinitiative.com/advisories/ZDI-26-187/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →