CVE-2026-10880
Unauthenticated SQL Injection in Osnexus Quantastor
OSNexus QuantaStor SDS Manager is vulnerable to SQL injection in the login endpoint. The username field is not properly sanitized before being incorporated into a SQL query, allowing an unauthenticated remote attacker to bypass authentication and log in as an administrator without supplying a valid password.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Osnexus · QuantaStorWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →