Skip to main content

Storage Concentrator CVE-2026-55721

| EUVDEUVD-2026-40459 CRITICAL
SQL Injection (CWE-89)
2026-06-30 ics-cert@hq.dhs.gov GHSA-864f-9wr6-7qwp
9.2
CVSS 4.0 · Vendor: hq
Share

Severity by source

Vendor (hq) PRIMARY
9.2 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
9.3 CRITICAL

Unauthenticated cookie injection at a network-reachable endpoint gives AV:N/AC:L/PR:N/UI:N; disclosure of credentials usable beyond the database warrants S:C and C:H, with limited I:L and no availability impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N

Primary rating from Vendor (hq).

CVSS VectorVendor: hq

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jul 01, 2026 - 02:16 EUVD
Analysis Generated
Jun 30, 2026 - 23:32 vuln.today

DescriptionCVE.org

Storage Concentrator (SC & SCVM) is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an unauthenticated remote attacker to manipulate those queries and extract sensitive information from the underlying database, including session tokens, password hashes, and stored secret keys.

AnalysisAI

SQL injection in StoneFly Storage Concentrator (SC and SCVM) lets an unauthenticated remote attacker read sensitive database contents by injecting through the cookie value handled by the login.pl and debug.pl CGI scripts. Successful exploitation discloses session tokens, password hashes, and stored secret keys, enabling authentication bypass and broader compromise of the storage appliance. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach SC/SCVM web interface
Delivery
Send request with malicious cookie
Exploit
SQL injection in login.pl/debug.pl
Execution
Extract hashes, tokens, secret keys
Persist
Authenticate via stolen session
Impact
Compromise storage appliance

Vulnerability AssessmentAI

Exploitation Exploitation requires only network access to the Storage Concentrator web management interface and the ability to send an HTTP request with an attacker-chosen cookie value to the login.pl or debug.pl scripts - no authentication, no user interaction, and no non-default configuration are needed (PR:N/UI:N/AC:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Risk is high. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach the appliance's web interface sends an HTTP request to login.pl or debug.pl with a crafted cookie containing SQL injection syntax. Because no authentication is required and complexity is low, the attacker iteratively extracts the credentials table, recovering password hashes, valid session tokens, and secret keys, then replays a stolen session token or cracked hash to authenticate as an administrator. …
Remediation No vendor-released patch version was identified in the provided data; consult the CISA advisory (ICSA-26-181-06) and StoneFly support (https://stonefly.com/contact-us/) for an updated build and apply it as the primary fix once available. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all StoneFly Storage Concentrator instances (SC and SCVM models) and assess network exposure to affected CGI scripts (login.pl, debug.pl). …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-55721 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy