Analysis and contextual insights are available on OpenCVE Cloud.
Vendor Solution
StoneFly recommends that users upgrade to Storage Concentrator version 8.0.4.29 or later to remediate these vulnerabilities.
Tracking
Sign in to view the affected projects.
No advisories yet.
Mon, 06 Jul 2026 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Stonefly
Stonefly storage Concentrator Stonefly storage Concentrator Virtual Machine |
|
| Vendors & Products |
Stonefly
Stonefly storage Concentrator Stonefly storage Concentrator Virtual Machine |
Wed, 01 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 30 Jun 2026 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Storage Concentrator (SC & SCVM) contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker can submit a specially crafted HTTP request containing a malicious payload that is processed without adequate input sanitization, resulting in arbitrary command execution with root-level privileges on the underlying system. | |
| Title | OS Command Injection in StoneFly Storage Concentrator | |
| Weaknesses | CWE-78 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: icscert
Published:
Updated: 2026-07-01T12:42:03.699Z
Reserved: 2026-06-22T20:13:36.516Z
Link: CVE-2026-56415
Updated: 2026-07-01T12:41:58.554Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T14:00:03Z