Hardcoded Credentials Vulnerability in Storage Concentrator by Stonefly
CVE-2026-50110

9.3 CRITICAL

What is CVE-2026-50110?

The Storage Concentrator product line by Stonefly is susceptible to a vulnerability that involves hardcoded credentials for various internal services embedded within its configuration file. Although these credentials are encoded, the encoding can be easily reversed to obtain plaintext. As a result, malicious actors could gain unauthorized access to a significant number of interconnected systems, including database accounts, licensing management, replication services, and third-party integrations. This widespread vulnerability poses a considerable risk to the security and integrity of organizational data and processes.

Affected Version(s)

Storage Concentrator 0 < 8.0.4.26

Storage Concentrator Virtual Machine 0 < 8.0.4.26

Storage Concentrator 8.0.4.29

References

CVSS V4

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

David Yesland of Rhino Security Labs reported this vulnerability to CISA.