CRITICAL
Osnexus
CVE published 2026-06-04
CVE-2026-10880
CVE-2026-10880 is a critical SQL injection vulnerability in the OSNexus QuantaStor SDS Manager. The vulnerability exists in the login endpoint, where the username field is not properly sanitized before being incorporated into a SQL query. This allows an unauthenticated remote attacker to bypass authentication and log in as an administrator without supplying a valid password. The vulnerability has a CVSS s [truncated]