Description
A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions.
Published: 2026-04-14
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Data Exposure
Action: Immediate Patch
AI Analysis

Impact

FlashBlade can inadvertently record confidential data in log files when particular conditions are met. The vulnerability permits an attacker who can access those logs to read sensitive information, compromising confidentiality. It results from improper handling of data before logging, matching CWE-532.

Affected Systems

PureStorage FlashBlade environments running Purity//FB releases earlier than 4.5.14 or 4.6.4 are affected. All earlier FlashBlade firmware versions remain susceptible to sensitive data logging until a fixed release is applied.

Risk and Exploitability

The CVSS score of 8.5 indicates high overall risk. Because the CVE lacks an EPSS score and is not listed in the CISA KEV catalog, the probability of public exploitation is currently unknown, but the impact of exposure remains significant. Attackers would need the ability to read log files, which may be possible through local or privileged access; the exact attack vector is not detailed in the description and is thus inferred based on the vulnerability type.

Generated by OpenCVE AI on April 14, 2026 at 20:29 UTC.

Remediation

Vendor Solution

This issue is resolved in the following FlashBlade Purity//FB releases:

  • Purity//FB 4.5.14 or later
  • Purity//FB 4.6.4 or later


OpenCVE Recommended Actions

  • Upgrade to Purity//FB 4.5.14 or later, or 4.6.4 or later, as recommended by PureStorage.
  • Verify that all log outputs are secured and that log files are protected against unauthorized read access.
  • Audit existing logs for accidental disclosure of sensitive data and purge or anonymize any exposed information.


Advisories

No advisories yet.

History

Tue, 14 Apr 2026 22:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Purestorage; Purestorage flashblade |
| CPEs | | cpe:2.3:a:purestorage:flashblade:*:*:*:*:*:*:*:* |
| Vendors & Products | | Purestorage; Purestorage flashblade |

Tue, 14 Apr 2026 19:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 14 Apr 2026 18:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions. |
| Title | | Sensitive Information Logging Vulnerability in FlashBlade |
| Weaknesses | | CWE-532 |
| References | | |
| Metrics | | cvssV4_0: {'score': 8.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H'} |


MITRE

Status: PUBLISHED

Assigner: PureStorage

Published:

Updated: 2026-04-14T21:55:52.041Z

Reserved: 2025-10-30T16:15:36.793Z

Link: CVE-2026-0207

Vulnrichment

Updated: 2026-04-14T18:48:01.029Z

NVD

Status: Awaiting Analysis

Published: 2026-04-14T18:16:41.800

Modified: 2026-04-17T15:38:09.243

Link: CVE-2026-0207

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T14:41:09Z
