CVE-2026-0207 | PureStorage FlashBlade up to 4.4.8/4.5.13/4.6.3 log file
VulDBArchived Apr 14, 2026✓ Full text saved
A vulnerability, which was classified as problematic , has been found in PureStorage FlashBlade up to 4.4.8/4.5.13/4.6.3 . This impacts an unknown function. The manipulation leads to sensitive information in log files. This vulnerability is referenced as CVE-2026-0207 . Remote exploitation of the attack is possible. No exploit is available.
Full text archived locally
✦ AI Summary· Claude Sonnet
VDB-357576 · CVE-2026-0207 · GCVE-0-2026-0207
PURESTORAGE FLASHBLADE UP TO 4.4.8/4.5.13/4.6.3 LOG FILE
HISTORYDIFFRELATEJSONXMLCTI
CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score
2.7 $0-$5k 1.86
Summaryinfo
A vulnerability, which was classified as problematic, was found in PureStorage FlashBlade up to 4.4.8/4.5.13/4.6.3. Affected is an unknown function. The manipulation results in log file. This vulnerability is identified as CVE-2026-0207. The attack can be executed remotely. There is not any exploit available.
Detailsinfo
A vulnerability was found in PureStorage FlashBlade up to 4.4.8/4.5.13/4.6.3. It has been classified as problematic. Affected is some unknown functionality. The manipulation with an unknown input leads to a log file vulnerability. CWE is classifying the issue as CWE-532. Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. This is going to have an impact on confidentiality. CVE summarizes:
A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions.
The advisory is shared for download at support.purestorage.com. This vulnerability is traded as CVE-2026-0207 since 10/30/2025. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation needs additional levels of successful authentication. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1592.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Productinfo
Vendor
PureStorage
Name
FlashBlade
Version
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.4.6
4.4.7
4.4.8
4.5.0
4.5.1
4.5.2
4.5.3
4.5.4
4.5.5
4.5.6
4.5.7
4.5.8
4.5.9
4.5.10
4.5.11
4.5.12
4.5.13
4.6.0
4.6.1
4.6.2
4.6.3
CPE 2.3info
🔒
🔒
🔒
CPE 2.2info
🔒
🔒
🔒
CVSSv4info
VulDB Vector: 🔒
VulDB Reliability: 🔍
CNA CVSS-B Score: 🔒
CNA CVSS-BT Score: 🔒
CNA Vector: 🔒
CVSSv3info
VulDB Meta Base Score: 2.7
VulDB Meta Temp Score: 2.7
VulDB Base Score: 2.7
VulDB Temp Score: 2.7
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv2info
Vector Complexity Authentication Confidentiality Integrity Availability
Unlock Unlock Unlock Unlock Unlock Unlock
Unlock Unlock Unlock Unlock Unlock Unlock
Unlock Unlock Unlock Unlock Unlock Unlock
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploitinginfo
Class: Log file
CWE: CWE-532 / CWE-200 / CWE-284
CAPEC: 🔒
ATT&CK: 🔒
Physical: No
Local: No
Remote: Yes
Availability: 🔒
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔒
0-Day Unlock Unlock Unlock Unlock
Today Unlock Unlock Unlock Unlock
Threat Intelligenceinfo
Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍
Countermeasuresinfo
Recommended: no mitigation known
Status: 🔍
0-Day Time: 🔒
Timelineinfo
10/30/2025 CVE reserved
04/14/2026 +165 days Advisory disclosed
04/14/2026 +0 days VulDB entry created
04/14/2026 +0 days VulDB entry last update
Sourcesinfo
Advisory: support.purestorage.com
Status: Confirmed
CVE: CVE-2026-0207 (🔒)
GCVE (CVE): GCVE-0-2026-0207
GCVE (VulDB): GCVE-100-357576
Entryinfo
Created: 04/14/2026 21:24
Changes: 04/14/2026 21:24 (64)
Complete: 🔍
Cache ID: 99:7E1:101
Discussion
No comments yet. Languages: en.
Please log in to comment.
◂ PreviousOverviewNext ▸