CVE Catalog

CVE-2026-50040

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

14th percentile — higher than 14% of all known CVEs

Summary

Storage Concentrator (SC & SCVM) is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. An attacker can craft a malicious URL that, when visited by an authenticated user, causes arbitrary script content to execute within the victim's browser session in the context of the application.

Risk Assessment

The risk includes theft of session cookies, redirection of users to malicious sites, or performing unauthorized actions on behalf of the victim, potentially leading to data confidentiality and integrity breaches.

Recommendation

Immediately update Storage Concentrator to the latest patched version and implement input validation and output encoding for all error pages.

Original NVD description (English source)

Storage Concentrator (SC & SCVM) is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. An attacker can craft a malicious URL that, when visited by an authenticated user, causes arbitrary script content to execute within the victim's browser session in the context of the application. This could be leveraged to steal session cookies, redirect users, or perform unauthorized actions on behalf of the victim.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS