Hi @Sam25 ,
Thank you for bringing this topic to our attention.
QNAP takes information security seriously. For CVE-2026-31431 / “Copy Fail,” QNAP has published an official security advisory here:
https://www.qnap.com/en/security-advisory/qsa-26-16
The advisory provides official information, including the affected scope, non-affected products, and recommended security measures. We recommend referring to this advisory as the primary source of information.
For general risk reduction, users may also review the security measures listed in the advisory, such as limiting shell or terminal access for non-administrator users, using only trusted container images, disabling unnecessary services, and avoiding direct exposure of the NAS to the internet.
Thank you again for helping bring this matter to the community’s attention.