IM
IronMonkey Threat Research

CVE-2026-55721 CRITICAL

Published: 2026-06-30 | Last Modified: 2026-07-01 | Status: Deferred

Description

Storage Concentrator (SC & SCVM) is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an unauthenticated remote attacker to manipulate those queries and extract sensitive information from the underlying database, including session tokens, password hashes, and stored secret keys.

CVSS Metrics

Base Score: 9.3 (CRITICAL)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeCHANGED
Confidentiality ImpactHIGH
Integrity ImpactLOW
Availability ImpactNONE

Source: [email protected]

Type: Secondary

Exploitability Score: 3.9

Impact Score: 4.7

Base Score: 9.2 (CRITICAL)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack VectorNETWORK
Attack ComplexityLOW
Attack RequirementsNONE
Privileges RequiredNONE
User InteractionNONE
Vulnerability ConfidentialityHIGH
Vulnerability IntegrityLOW
Vulnerability AvailabilityNONE
Subsequent ConfidentialityHIGH
Subsequent IntegrityLOW
Subsequent AvailabilityNONE

Source: [email protected]

Type: Secondary

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-89
Notification
Message here