Hardcoded Credentials Vulnerability in Storage Concentrator by Stonefly
CVE-2026-50110
What is CVE-2026-50110?
The Storage Concentrator product line by Stonefly is susceptible to a vulnerability that involves hardcoded credentials for various internal services embedded within its configuration file. Although these credentials are encoded, the encoding can be easily reversed to obtain plaintext. As a result, malicious actors could gain unauthorized access to a significant number of interconnected systems, including database accounts, licensing management, replication services, and third-party integrations. This widespread vulnerability poses a considerable risk to the security and integrity of organizational data and processes.
Affected Version(s)
Storage Concentrator 0 < 8.0.4.26
Storage Concentrator Virtual Machine 0 < 8.0.4.26
Storage Concentrator 8.0.4.29
References
CVSS V4
Timeline
Vulnerability published
Vulnerability Reserved
