Description
A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command.
Published: 2026-02-03
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Update System
AI Analysis

Impact

The vulnerability in Brocade Fabric OS allows an authenticated local attacker with shell privileges to read insecurely stored files, including the command history, potentially exposing sensitive operational data and configuration details. The issue is classified under CWE-78, but the data does not describe arbitrary command execution, only unauthorized file access.

Affected Systems

Affected products are Brocade Fabric OS versions prior to 9.2.1c2, 9.2.2 through 9.2.2a, and 10.0.0. The impact applies to any installations of the Fabric Operating System running those firmware versions.

Risk and Exploitability

The CVSS score of 8.2 highlights a high severity for disclosure, but the EPSS score is below 1%, suggesting a low current exploitation probability. The vulnerability is not listed in the CISA KEV catalog. An attacker must first authenticate to the device and possess privileges that allow shell access, which typically requires local administrative rights. Once those prerequisites are met, the attacker can retrieve the raw history file without additional actions.

Generated by OpenCVE AI on April 18, 2026 at 14:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Brocade Fabric OS firmware update to mitigate the disclosed information leakage.
  • If an upgrade is not immediately possible, restrict local shell access to only essential administrators and enforce strict role-based permissions.
  • Audit the device for any retained command history files and remove or secure them to prevent future disclosure.

Advisories

No advisories yet.

History

Fri, 06 Feb 2026 21:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Broadcom; Broadcom fabric Operating System
CPEs | | cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*; cpe:2.3:o:broadcom:fabric_operating_system:10.0.0:*:*:*:*:*:*:*
Vendors & Products | | Broadcom; Broadcom fabric Operating System
Metrics | | cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Wed, 04 Feb 2026 12:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Brocade; Brocade fabric Os
Vendors & Products | | Brocade; Brocade fabric Os

Tue, 03 Feb 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 03 Feb 2026 13:15:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command.
Title | | Information disclosure in Brocade Fabric OS before 9.2.1c2, 9.2.2 through 9.2.2a and 10.0.0
Weaknesses | | CWE-78
References | |
Metrics | | cvssV4_0: {'score': 8.2, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: brocade

Published:

Updated: 2026-02-26T15:04:29.842Z

Reserved: 2025-11-05T20:09:35.549Z

Link: CVE-2026-0383

Vulnrichment

Updated: 2026-02-03T16:03:26.465Z

NVD

Status: Analyzed

Published: 2026-02-03T04:15:55.840

Modified: 2026-02-06T20:52:11.827

Link: CVE-2026-0383

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T14:30:02Z

Weaknesses