📦 Diskstation Manager Unified Controller

by Synology

🔍 What is Diskstation Manager Unified Controller?

Description coming soon...

🛡️ Security Overview

Click on a severity to filter vulnerabilities

⚠️ Known Vulnerabilities

CVE-2024-45538

CRITICAL CVSS 9.6 Dec 4, 2025

A Cross-Site Request Forgery (CSRF) vulnerability in Synology's WebAPI Framework allows remote attackers to trick authenticated users into executing arbitrary code on Synology DiskStation Manager (DSM...

CVE-2022-22687

CRITICAL CVSS 9.8 Mar 25, 2022

This is a critical buffer overflow vulnerability in Synology DiskStation Manager's authentication functionality that allows remote attackers to execute arbitrary code without authentication. It affect...

CVE-2021-27649

CRITICAL CVSS 9.8 Jun 23, 2021

This is a critical use-after-free vulnerability in Synology DiskStation Manager's file transfer protocol component that allows remote attackers to execute arbitrary code on affected systems. Attackers...

CVE-2021-26562

CRITICAL CVSS 9.0 Feb 26, 2021

This vulnerability allows man-in-the-middle attackers to execute arbitrary code on Synology DiskStation Manager (DSM) systems by exploiting an out-of-bounds write in the synoagentregisterd service via...

CVE-2021-26560

CRITICAL CVSS 9.0 Feb 26, 2021

CVE-2021-26560 allows man-in-the-middle attackers to intercept and spoof servers during HTTP sessions with synoagentregisterd in Synology DSM. This cleartext transmission vulnerability affects Synolog...

CVE-2024-45539

HIGH CVSS 7.5 Dec 4, 2025

An out-of-bounds write vulnerability in CGI components of Synology DiskStation Manager (DSM) and Unified Controller (DSMUC) allows remote attackers to cause denial-of-service attacks. This affects Syn...

CVE-2021-29085

HIGH CVSS 8.6 Jun 23, 2021

This vulnerability allows remote attackers to read arbitrary files on Synology DiskStation Manager (DSM) systems through improper input sanitization in the file sharing management component. Attackers...

CVE-2021-29087

HIGH CVSS 7.5 Jun 23, 2021

This path traversal vulnerability in Synology DiskStation Manager's webapi component allows remote attackers to write arbitrary files to restricted directories. It affects Synology DSM versions before...

CVE-2024-5401

MEDIUM CVSS 4.3 Dec 4, 2025

This vulnerability allows authenticated remote users to escalate privileges without authorization in Synology DiskStation Manager and Unified Controller. Attackers with valid credentials can gain high...