A vulnerability categorized as critical has been discovered in Stonefly Storage Concentrator and Storage Concentrator Virtual Machine. The impacted element is an unknown function of the file debug.pl of the component HTTP Handler. Such manipulation leads to os command injection.

This vulnerability is traded as CVE-2026-56415. The attack may be launched remotely. There is no exploit available.

It is advisable to upgrade the affected component.