CVE-2026-50040
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk14th percentile — higher than 14% of all known CVEs
Summary
Storage Concentrator (SC & SCVM) is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. An attacker can craft a malicious URL that, when visited by an authenticated user, causes arbitrary script content to execute within the victim's browser session in the context of the application.
Risk Assessment
The risk includes theft of session cookies, redirection of users to malicious sites, or performing unauthorized actions on behalf of the victim, potentially leading to data confidentiality and integrity breaches.
Recommendation
Immediately update Storage Concentrator to the latest patched version and implement input validation and output encoding for all error pages.
Original NVD description (English source)
Storage Concentrator (SC & SCVM) is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. An attacker can craft a malicious URL that, when visited by an authenticated user, causes arbitrary script content to execute within the victim's browser session in the context of the application. This could be leveraged to steal session cookies, redirect users, or perform unauthorized actions on behalf of the victim.

