Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Thu, 04 Jun 2026 18:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Osnexus
Osnexus quantastor |
|
| Vendors & Products |
Osnexus
Osnexus quantastor |
Thu, 04 Jun 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 04 Jun 2026 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | OSNexus QuantaStor SDS Manager is vulnerable to SQL injection in the login endpoint. The username field is not properly sanitized before being incorporated into a SQL query, allowing an unauthenticated remote attacker to bypass authentication and log in as an administrator without supplying a valid password. | |
| Title | Unauthenticated SQL Injection in Osnexus Quantastor | |
| Weaknesses | CWE-89 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: BLSOPS
Published:
Updated: 2026-06-04T18:10:36.404Z
Reserved: 2026-06-04T17:05:32.056Z
Link: CVE-2026-10880
Updated: 2026-06-04T18:10:33.539Z
Status : Awaiting Analysis
Published: 2026-06-04T18:16:28.587
Modified: 2026-06-04T19:15:17.327
Link: CVE-2026-10880
No data.
OpenCVE Enrichment
Updated: 2026-06-04T18:30:16Z