Analysis and contextual insights are available on OpenCVE Cloud.
Vendor Solution
StoneFly recommends that users upgrade to Storage Concentrator version 8.0.4.29 or later to remediate these vulnerabilities.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 30 Jun 2026 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services, including database accounts, licensing, replication services, and third-party integrations, meaning successful exploitation of this vulnerability could provide an attacker with unauthorized access to multiple interconnected systems. | |
| Title | Use of Hard-coded Credentials in StoneFly Storage Concentrator | |
| Weaknesses | CWE-798 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: icscert
Published:
Updated: 2026-06-30T22:54:42.362Z
Reserved: 2026-06-22T20:13:36.505Z
Link: CVE-2026-50110
No data.
No data.
No data.
OpenCVE Enrichment
No data.