Just been testing my devices here with this PoC: GitHub - rootsecdev/cve_2026_31431: Exploit POC for CVE_2026_31431 · GitHub
I can confirm the info in the security advisory: the only QNAP NAS affected by this issue has an ARM64 CPU (TS-216G running QTS 5.2.9.3451).
```
[/share/Public] # python3 test_cve_2026_31431.py; echo $?
[*] CVE-2026-31431 detector kernel=5.10.60-qnap arch=aarch64
[i] Kernel 5.10.60-qnap predates the affected 6.12/6.17/6.18 lines; trigger may not apply even if prerequisites match.
[+] AF_ALG + 'authencesn(hmac(sha256),cbc(aes))' loadable - precondition met.
[!] VULNERABLE to CVE-2026-31431.
[!] Marker b'PWND' (AAD seqno_lo) landed in the spliced page-cache page at offset 0.
[!] Surrounding bytes: 50574e444641494c2d53454e (b'PWNDFAIL-SEN')
[!] Apply the upstream fix or block algif_aead immediately.
2
```
All other arches were OK.
Edit: here’s an x86-64 (TS-251+ running QTS 5.2.9.3451):
```
[/share/Public] # python3 test_cve_2026_31431.py; echo $?
[*] CVE-2026-31431 detector kernel=5.10.60-qnap arch=x86_64
[i] Kernel 5.10.60-qnap predates the affected 6.12/6.17/6.18 lines; trigger may not apply even if prerequisites match.
[+] Precondition not met (AF_ALG socket family unavailable (Address family not supported by protocol)). NOT vulnerable.
0
```
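The precondition step that separates the two runs above (whether AF_ALG and the `authencesn(hmac(sha256),cbc(aes))` template are reachable) can be checked on its own for exposure triage. This is an added example, not code from the post or from the linked PoC repository; it performs no trigger, and the function name `check_precondition`, its `sock_factory` parameter and the exit codes are assumptions of this example.

```python
import errno
import platform
import socket
import sys

ALG_TYPE = "aead"
ALG_NAME = "authencesn(hmac(sha256),cbc(aes))"  # template named in the output above
AF_ALG = getattr(socket, "AF_ALG", 38)  # 38 is AF_ALG on Linux


def check_precondition(sock_factory=socket.socket):
    """Return (met, reason) for the AF_ALG + authencesn precondition.

    Only creates and binds the socket (which may autoload crypto modules);
    no key is set and no data is sent. sock_factory is a hypothetical
    injection point so the logic can be exercised without AF_ALG.
    """
    try:
        sock = sock_factory(AF_ALG, socket.SOCK_SEQPACKET, 0)
    except OSError as exc:
        if exc.errno == errno.EAFNOSUPPORT:
            return False, f"AF_ALG socket family unavailable ({exc.strerror})"
        return False, f"AF_ALG socket could not be created ({exc})"
    try:
        sock.bind((ALG_TYPE, ALG_NAME))
    except FileNotFoundError:
        # ENOENT: algif_aead or the authencesn template cannot be loaded
        return False, f"'{ALG_NAME}' not loadable"
    except OSError as exc:
        return False, f"bind to '{ALG_NAME}' failed ({exc})"
    finally:
        sock.close()
    return True, f"AF_ALG + '{ALG_NAME}' loadable"


if __name__ == "__main__":
    met, reason = check_precondition()
    print(f"kernel={platform.release()} arch={platform.machine()}")
    print(f"precondition {'met' if met else 'not met'}: {reason}")
    sys.exit(1 if met else 0)  # exit codes are this example's own convention
```

A met precondition only shows the interface is reachable; as the detector's own `[i]` line says, the trigger may not apply even if prerequisites match.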