Stonefly Storage Concentrator
5 CVEs affecting Stonefly Storage Concentrator. Latest disclosed: 2026-06-30. Critical: 4, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-56415 | Critical | 10.0 | 2026-06-30 | Storage Concentrator (SC & SCVM) contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attac… |
CVE-2026-56413 | Critical | 10.0 | 2026-06-30 | Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms_service.pl service, which listens on TCP port 9000 by default and accepts… |
CVE-2026-55721 | Critical | 9.3 | 2026-06-30 | Storage Concentrator (SC & SCVM) is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incor… |
CVE-2026-50110 | Critical | 9.2 | 2026-06-30 | Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are… |
CVE-2026-50040 | Medium | 6.1 | 2026-06-30 | Storage Concentrator (SC & SCVM) is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. An attacker c… |