CVE-2026-10880
Severity CVSS v4.0:
Pending analysis
Type:
CWE-89
SQL Injection
Publication date:
04/06/2026
Last modified:
04/06/2026
Description
OSNexus QuantaStor SDS Manager is vulnerable to SQL injection in the login endpoint. The username field is not properly sanitized before being incorporated into a SQL query, allowing an unauthenticated remote attacker to bypass authentication and log in as an administrator without supplying a valid password.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL



