An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands.
https://thehackernews.com/2024/11/synology-urges-patch-for-critical-zero.html