CVE-2026-56415
Storage Concentrator (SC & SCVM) contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker can submit a specially crafted HTTP request containing a malicious payload that is processed without adequate input sanitization, resulting in arbitrary command execution with root-level privileges on the underlying system.
Analysis
Storage Concentrator (SC and SCVM) has a critical command injection vulnerability in its debug.pl script that allows remote code execution with root privileges without authentication. An attacker can take full control of the system through malicious HTTP requests, which is extremely serious given its CVSS score of 10.0. It is vital for those operating these storage solutions to review their infrastructure deployments immediately.
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE-78
EPSS
No EPSS score yet (CVE may be too fresh).