Browse all 8 CVE security advisories affecting drakkan. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Drakkan is primarily a network-attached storage (NAS) device designed for home and small office use, offering centralized file storage and media streaming capabilities. Historically, Drakkan has been associated with multiple remote code execution vulnerabilities, often stemming from unauthenticated API endpoints and insecure default configurations. Other common issues include cross-site scripting flaws and privilege escalation weaknesses, frequently found in web management interfaces. The device has faced several high-severity incidents, including a 2020 RCE vulnerability that allowed unauthenticated attackers to execute arbitrary commands, highlighting persistent security challenges in its firmware design and update mechanisms.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-30915 | SFTPGo improperly sanitizes placeholders in group home directories/key prefixes | sftpgo | CWE-22 | 4.3 | - | 2026-03-13 |
| CVE-2026-30914 | SFTPGo has a Path Traversal and Permission Bypass via Path Normalization Discrepancy | sftpgo | CWE-22 | 8.1 | - | 2026-03-13 |
| CVE-2025-24366 | Insufficient sanitization of user provided rsync command in SFTPGo | sftpgo | CWE-78 | 7.5 | High | 2025-02-07 |
| CVE-2024-52801 | Brute force takeover of OpenID Connect session cookies in sftpgo | sftpgo | CWE-327 | 6.5 | - | 2024-11-29 |
| CVE-2024-52309 | SFTPGo allows administrators to restrict command execution from the EventManager | sftpgo | CWE-20 | 7.2 (AI) | High (AI) | 2024-11-21 |
| CVE-2024-37897 | Insufficient access control for password reset in sftpgo | sftpgo | CWE-287 | 5.4 | Medium | 2024-06-20 |
| CVE-2022-39220 | XSS Vulnerabilities in WebClient | sftpgo | CWE-79 | 6.1 | Medium | 2022-09-20 |
| CVE-2022-36071 | Recovery codes abuse in SFTPGo | sftpgo | CWE-287 | 8.3 | High | 2022-09-02 |

This page lists every published CVE security advisory associated with drakkan. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.