Security ID : QSA-26-07
Vulnerability in QVR Pro
Release date : March 21, 2026
CVE identifier : CVE-2026-22898 | ZDI-CAN-28327
Affected products: QVR Pro 2.7.x
Severity
Critical
Status
Resolved
Summary
A missing authentication for critical function vulnerability has been reported to affect QVR Pro. If exploited, remote attackers can gain access to the system.
We have already fixed the vulnerability in the following version:
| Affected Product | Fixed Version |
| QVR Pro 2.7.x | QVR Pro 2.7.4.1485 and later |
Recommendation
To fix the vulnerability, we recommend updating QVR Pro to the latest version.
Updating QVR Pro
- Log on to QTS or QuTS hero as an administrator.
- Open App Center and then click
.
A search box appears. - Type "QVR Pro" and then press ENTER.
QVR Pro appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your QVR Pro is already up to date. - Click OK.
The system updates the application.
Attachment
Acknowledgements: FuzzingLabs
Revision History:
V1.0 (March 21, 2026) - Published
