Skip to content
CVSS 10.0CVSS 10.0 · CRITICAL

CVE-2026-56415

Storage Concentrator (SC & SCVM) contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker can submit a specially crafted HTTP request containing a malicious payload that is processed without adequate input sanitization, resulting in arbitrary command execution with root-level privileges on the underlying system.

View on NVD

Analysis

Storage Concentrator (SC y SCVM) presenta una vulnerabilidad crítica de inyección de comandos en su script debug.pl que permite la ejecución remota de código con privilegios de root sin autenticación. Un atacante puede tomar control total del sistema mediante peticiones HTTP maliciosas, lo cual es extremadamente grave dado su puntaje CVSS de 10.0. Es vital para quienes operan estas soluciones de almacenamiento revisar sus despliegues de infraestructura de forma inmediata.

Relevant roles

BackendLinuxCyberSecurityCloud

Severity

Score: 10.0(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-78

EPSS

No EPSS score yet (CVE may be too fresh).

Technical description

Storage Concentrator (SC & SCVM) contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker can submit a specially crafted HTTP request containing a malicious payload that is processed without adequate input sanitization, resulting in arbitrary command execution with root-level privileges on the underlying system.

Published: 6/30/2026, 11:17:32 PM
Last modified: 6/30/2026, 11:17:32 PM

References

HomeEventsBlogResourcesTeam