PT-2026-54436 · Unknown · Storage Concentrator

David Yesland

·

Published

2026-06-30

·

Updated

2026-07-01

·

CVE-2026-55721

CVSS v3.1

9.3

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions Storage Concentrator (SC & SCVM) (affected versions not specified)
Description An issue exists where cookie values processed by the login.pl and debug.pl scripts are incorporated directly into database queries without adequate sanitization. This allows an unauthenticated remote attacker to perform SQL injection, a technique used to manipulate database queries, to extract sensitive information such as session tokens, password hashes, and stored secret keys.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-55721

Affected Products

Storage Concentrator