Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services, including database accounts, licensing, replication services, and third-party integrations, meaning successful exploitation of this vulnerability could provide an attacker with unauthorized access to multiple interconnected systems.
History

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services, including database accounts, licensing, replication services, and third-party integrations, meaning successful exploitation of this vulnerability could provide an attacker with unauthorized access to multiple interconnected systems.
Title Use of Hard-coded Credentials in StoneFly Storage Concentrator
Weaknesses CWE-798
References
Metrics cvssV3_1

{'score': 9.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-06-30T22:54:42.362Z

Reserved: 2026-06-22T20:13:36.505Z

Link: CVE-2026-50110

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.