Skip to main content

Flasharray

2 CVEs product

Monthly

CVE-2026-6444 HIGH This Week

Privilege escalation in the Pure Storage FlashArray Purity management interface allows an authenticated low-privileged user to invoke functionality reserved for higher-privileged roles, yielding high confidentiality and integrity impact on managed storage. The CVSS 4.0 score of 8.6 reflects network reach with only low privileges required and no user interaction, though no public exploit identified at time of analysis and SSVC marks exploitation status as none.

Authentication Bypass Flasharray
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-6445 HIGH This Week

Information disclosure in Pure Storage FlashArray Purity (versions 6.5.0-6.5.8 and 6.10.0-6.10.5) allows an authenticated low-privileged user to retrieve sensitive data via insufficiently filtered data paths. The flaw carries a CVSS 4.0 score of 8.7 with high confidentiality, integrity, and availability impact, but SSVC indicates no public exploitation and the attack is not automatable. No public exploit has been identified at the time of analysis.

Information Disclosure Flasharray
NVD
CVSS 4.0
8.7
EPSS
0.0%
EPSS 0% CVSS 8.6
HIGH This Week

Privilege escalation in the Pure Storage FlashArray Purity management interface allows an authenticated low-privileged user to invoke functionality reserved for higher-privileged roles, yielding high confidentiality and integrity impact on managed storage. The CVSS 4.0 score of 8.6 reflects network reach with only low privileges required and no user interaction, though no public exploit identified at time of analysis and SSVC marks exploitation status as none.

Authentication Bypass Flasharray
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Information disclosure in Pure Storage FlashArray Purity (versions 6.5.0-6.5.8 and 6.10.0-6.10.5) allows an authenticated low-privileged user to retrieve sensitive data via insufficiently filtered data paths. The flaw carries a CVSS 4.0 score of 8.7 with high confidentiality, integrity, and availability impact, but SSVC indicates no public exploitation and the attack is not automatable. No public exploit has been identified at the time of analysis.

Information Disclosure Flasharray
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy