CVE-2026-10880

SEVERITY CRITICALCVSS 9.8PUBLISHED 2026-06-04VENDOR OsnexusPRODUCT QuantaStor

OSNexus QuantaStor SDS Manager is vulnerable to SQL injection in the login endpoint. The username field is not properly sanitized before being incorporated into a SQL query, allowing an unauthenticated remote attacker to bypass authentication and log in as an administrator without supplying a valid password.

REFERENCES

https://blog.blacklanternsecurity.com/p/cve-2026-10880-osnexus-quantastor

← Back to Vulnerability Radar