CVE-2026-10880 – Unauthenticated SQL Injection in Osnexus Quantastor

admin
June 4, 2026
Wire

CVE ID :CVE-2026-10880

Published : June 4, 2026, 5:19 p.m. | 1 hour, 1 minute ago

Description :OSNexus QuantaStor SDS Manager is vulnerable to SQL injection in the login endpoint. The username field is not properly sanitized before being incorporated into a SQL query, allowing an unauthenticated remote attacker to bypass authentication and log in as an administrator without supplying a valid password.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more… To Read More Visit Read More

Related Posts

Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments

CVE-2026-55196 – Hermes WebUI < 0.51.409 – Unauthenticated Passkey Registration via Authentication Bypass

CVE-2026-53871 – Hermes WebUI < 0.51.368 – Profile-Scoped Authorization Bypass via Forged hermes_profile Cookie