CVE-2026-55721
Severity: Critical (CVSS 9.3)
Exploitation Probability (EPSS): Low risk, 33rd percentile (higher than 33% of all known CVEs)
Summary
Storage Concentrator (SC & SCVM) contains a SQL injection vulnerability in the cookie values processed by the login.pl and debug.pl scripts. Unsanitized cookie data is incorporated directly into database queries, allowing an unauthenticated remote attacker to manipulate those queries and extract sensitive information such as session tokens, password hashes, and stored secret keys.
Risk Assessment
The organization is at risk of credential and secret key theft, which could lead to unauthorized system access and further attacks on the infrastructure.
Recommendation
Immediately apply the security patch provided by the vendor and audit the login.pl and debug.pl scripts to implement input validation and parameterized SQL queries.
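The two controls named in the recommendation, shown together as an added example (not the vendor's code or patch): a cookie value is checked against a strict allowlist and then passed to the database only as a bound parameter. The cookie name `session_id`, the `sessions` table, the 32-hex-character token format and the in-memory SQLite database (via DBD::SQLite) are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: hypothetical cookie name, table and columns; not the vendor's code.
use strict;
use warnings;
use DBI;

# Constructed in-memory database standing in for the product's session store.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do('CREATE TABLE sessions (token TEXT PRIMARY KEY, username TEXT)');
$dbh->do('INSERT INTO sessions VALUES (?, ?)', undef,
         '0123456789abcdef0123456789abcdef', 'admin');

# Pull one named cookie out of a raw Cookie header (e.g. $ENV{HTTP_COOKIE}).
sub cookie_value {
    my ($header, $name) = @_;
    for my $pair (split /;\s*/, $header // '') {
        my ($k, $v) = split /=/, $pair, 2;
        return $v if defined $k && defined $v && $k eq $name;
    }
    return;
}

# Validate the cookie against a strict allowlist, then bind it as a parameter.
sub lookup_session {
    my ($header) = @_;
    my $token = cookie_value($header, 'session_id');
    # Allowlist: exactly 32 lowercase hex characters. Anything else is
    # rejected before it reaches the database layer.
    return unless defined $token && $token =~ /\A[0-9a-f]{32}\z/;
    # The placeholder (?) keeps the value out of the SQL text entirely.
    my $sth = $dbh->prepare('SELECT username FROM sessions WHERE token = ?');
    $sth->execute($token);
    my ($user) = $sth->fetchrow_array;
    $sth->finish;
    return $user;
}

# Constructed inputs: one well-formed cookie, one carrying SQL metacharacters.
for my $hdr ('lang=en; session_id=0123456789abcdef0123456789abcdef',
             q{session_id=x' OR '1'='1}) {
    my $user = lookup_session($hdr);
    printf "%-55s => %s\n", $hdr, defined $user ? $user : 'rejected';
}
```

When auditing the affected scripts, the pattern to look for is the opposite of the `prepare`/`execute` pair above: a cookie value interpolated or concatenated into the SQL string itself.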
Original NVD description (English source)
Storage Concentrator (SC & SCVM) is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an unauthenticated remote attacker to manipulate those queries and extract sensitive information from the underlying database, including session tokens, password hashes, and stored secret keys.

