🚨CVE-2026-10880: OSNEXUS QuantaStor up to v6.6.1 has an unauthenticated blind SQL injection in the login form. No credentials required. Attackers can recover stored password hashes one character at a time using differing login error responses.
https://blog.blacklanternsecurity.com/p/cve-2026-10880-osnexus-quantastor