PatchSiren cyber security CVE debrief
CVE-2026-6445 Everpure CVE debrief
CVE-2026-6445 is a HIGH-severity vulnerability in FlashArray Purity, with a CVSS score of 8.7. The flaw allows an authenticated user with low privileges to access sensitive information due to insufficient filtering of certain data paths. The CVE was published on 2026-06-09T20:17:02.800Z and last modified on 2026-06-10T20:13:47.847Z.
- Vendor
- Everpure
- Product
- FlashArray
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-10
Who should care
Users of FlashArray Purity, particularly those with low-privileged authenticated users, should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is caused by insufficient filtering of certain data paths in FlashArray Purity, which could expose sensitive information to an authenticated user with low privileges. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability.
- Restrict access to sensitive data paths to only authorized users.
- Monitor system logs for potential exploitation attempts.
Evidence notes
The vendor is identified as Pure Storage, based on the evidence from reference_domain_candidate.
Official resources
-
CVE-2026-6445 CVE record
CVE.org
-
CVE-2026-6445 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-6445 was published on 2026-06-09T20:17:02.800Z and last modified on 2026-06-10T20:13:47.847Z.