216.73.217.50

CVE-2026-55721

· Published 01/07/2026 01:17 · Author: The MITRE Corporation

Labels: CVE-2026-55721

Essential information

Published
01/07/2026 01:17
Modified
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
9.3 CRITICAL (v3.1) 9.2 CRITICAL (v4.0)
CISA KEV
No
CWE
CWE-89
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

CVSS metrics

Description

Storage Concentrator (SC & SCVM) is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an unauthenticated remote attacker to manipulate those queries and extract sensitive information from the underlying database, including session tokens, password hashes, and stored secret keys.

NVD status

NVD
View on NVD