PatchSiren cyber security CVE debrief
CVE-2026-10880 Osnexus CVE debrief
CVE-2026-10880 is a critical SQL injection vulnerability in the OSNexus QuantaStor SDS Manager. The vulnerability exists in the login endpoint, where the username field is not properly sanitized before being incorporated into a SQL query. This allows an unauthenticated remote attacker to bypass authentication and log in as an administrator without supplying a valid password. The vulnerability has a CVSS score of 9.8 and is considered CRITICAL.
- Vendor: Osnexus
- Product: QuantaStor
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-04
- Original CVE updated: 2026-06-04
- Advisory published: 2026-06-04
- Advisory updated: 2026-06-04
Who should care
Administrators and users of OSNexus QuantaStor SDS Manager should be aware of this vulnerability and take immediate action to mitigate it.
Technical summary
The vulnerability is caused by improper sanitization of the username field in the login endpoint, allowing SQL injection attacks. An attacker can exploit this vulnerability to bypass authentication and gain administrative access to the system.
Defensive priority
HIGH
Recommended defensive actions
- Apply the patch or update provided by the vendor as soon as possible.
- Restrict access to the login endpoint to trusted IP addresses or networks.
- Monitor system logs for suspicious activity.
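For the log-monitoring action, one way to triage login events is to flag usernames that fall outside the expected character set and escalate any that still produced a successful login. This is an added example, not OSNexus code: the JSON-lines event format and the field names ts, src, user and result are assumptions, and the sample events are constructed.

```python
import json
import re

# Assumption: legitimate account names use only these characters (adjust to local policy).
VALID_USERNAME = re.compile(r"[A-Za-z0-9._@-]{1,64}")
# Quote, statement-separator and comment tokens that indicate SQL syntax in the field.
SQL_META = re.compile(r"['\";]|--|/\*|\*/")


def triage(log_lines):
    """Return findings for login events whose username does not look like an account name."""
    findings = []
    for lineno, raw in enumerate(log_lines, 1):
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # not an event in the assumed JSON-lines format
        if not isinstance(ev, dict):
            continue
        user = str(ev.get("user", ""))
        if VALID_USERNAME.fullmatch(user):
            continue
        reason = "sql-metacharacters" if SQL_META.search(user) else "unexpected-characters"
        # A successful login with such a username matches the bypass outcome
        # described in the advisory, so it is escalated.
        severity = "critical" if ev.get("result") == "success" else "warning"
        findings.append({"line": lineno, "src": ev.get("src"), "user": user,
                         "reason": reason, "severity": severity})
    return findings


# Constructed sample events in a hypothetical format (not QuantaStor's real log schema).
SAMPLE = [
    '{"ts": "2026-06-05T08:01:12Z", "src": "10.0.0.15", "user": "admin", "result": "success"}',
    '{"ts": "2026-06-05T08:03:40Z", "src": "203.0.113.7", "user": "admin\'--", "result": "failure"}',
    '{"ts": "2026-06-05T08:03:44Z", "src": "203.0.113.7", "user": "admin\' --", "result": "success"}',
    '{"ts": "2026-06-05T08:10:02Z", "src": "10.0.0.22", "user": "backup.svc", "result": "failure"}',
    'service restarted',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Findings marked critical warrant review of the session that followed the login; the allowlist pattern should be tightened to match the site's actual account naming.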
Evidence notes
The vulnerability was reported by Blacklanternsecurity and is tracked under CVE-2026-10880.
Official resources
- CVE-2026-10880 CVE record (CVE.org)
- CVE-2026-10880 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference
CVE-2026-10880 was published on 2026-06-04T18:16:28.587Z and modified on 2026-06-04T19:15:17.327Z.