Screenshot 2024-10-28 at 12.33.52 PM2458×2398 358 KB

Synology Photos has a CVE allowing remote code execution

It looks like at PWN2OWN 2024 there was a found vulnerability in synology photos, and it was rated CRITICAL (link)

The fix is out there for all versions of Synology photos. The update should be available in the package center. I have done it on all of my client machines no issues, with no change in anything, so it should be green light!

Thank you for the heads up on this problem. I immediately updated with no issues. You diligence in keeping us informed is appreciated.