CVE-2026-10880

Severity CVSS v4.0:
Pending analysis
Type:
CWE-89 SQL Injection
Publication date:
04/06/2026
Last modified:
04/06/2026

Description

OSNexus QuantaStor SDS Manager is vulnerable to SQL injection in the login endpoint. The username field is not properly sanitized before being incorporated into a SQL query, allowing an unauthenticated remote attacker to bypass authentication and log in as an administrator without supplying a valid password.