{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0207", "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac", "state": "PUBLISHED", "assignerShortName": "PureStorage", "dateReserved": "2025-10-30T16:15:36.793Z", "datePublished": "2026-04-14T17:53:42.785Z", "dateUpdated": "2026-04-14T21:55:52.041Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac", "shortName": "PureStorage", "dateUpdated": "2026-04-14T21:55:52.041Z"}, "title": "Sensitive Information Logging Vulnerability in FlashBlade", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-532", "description": "CWE-532 Insertion of sensitive information into log file", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-268", "descriptions": [{"lang": "en", "value": "CAPEC-268 Audit Log Manipulation"}]}], "affected": [{"vendor": "PureStorage", "product": "FlashBlade", "versions": [{"status": "affected", "version": "4.0.0", "lessThanOrEqual": "4.4.8", "versionType": "custom"}, {"status": "affected", "version": "4.6.0", "lessThanOrEqual": "4.6.3", "versionType": "custom"}, {"status": "affected", "version": "4.5.0", "lessThanOrEqual": "4.5.13", "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:purestorage:flashblade:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0.0", "versionEndIncluding": "4.4.8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:purestorage:flashblade:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6.0", "versionEndIncluding": "4.6.3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:purestorage:flashblade:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5.0", "versionEndIncluding": "4.5.13"}]}]}], "descriptions": [{"lang": "en", "value": "A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions."}]}], "references": [{"url": "https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "HIGH", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.5, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H"}}], "solutions": [{"lang": "en", "value": "This issue is resolved in the following FlashBlade Purity//FB releases:\n\n * Purity//FB 4.5.14 or later\n\n\n * Purity//FB 4.6.4 or later", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>This issue is resolved in the following FlashBlade Purity//FB releases:</p><ul><li><p>Purity//FB 4.5.14 or later</p></li><li><p>Purity//FB 4.6.4 or later</p></li></ul>"}]}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T18:46:25.371315Z", "id": "CVE-2026-0207", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T18:48:09.639Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0207", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T18:46:25.371315Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T18:48:01.029Z"}}], "cna": {"title": "Sensitive Information Logging Vulnerability in FlashBlade", "source": {"discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-268", "descriptions": [{"lang": "en", "value": "CAPEC-268 Audit Log Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "PureStorage", "product": "FlashBlade", "versions": [{"status": "affected", "version": "4.0.0", "versionType": "custom", "lessThanOrEqual": "4.4.8"}, {"status": "affected", "version": "4.6.0", "versionType": "custom", "lessThanOrEqual": "4.6.3"}, {"status": "affected", "version": "4.5.0", "versionType": "custom", "lessThanOrEqual": "4.5.13"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "This issue is resolved in the following FlashBlade Purity//FB releases:\n\n * Purity//FB 4.5.14 or later\n\n\n * Purity//FB 4.6.4 or later", "supportingMedia": [{"type": "text/html", "value": "<p>This issue is resolved in the following FlashBlade Purity//FB releases:</p><ul><li><p>Purity//FB 4.5.14 or later</p></li><li><p>Purity//FB 4.6.4 or later</p></li></ul>", "base64": false}]}], "references": [{"url": "https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions.", "supportingMedia": [{"type": "text/html", "value": "A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532 Insertion of sensitive information into log file"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:purestorage:flashblade:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "4.4.8", "versionStartIncluding": "4.0.0"}, {"criteria": "cpe:2.3:a:purestorage:flashblade:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "4.6.3", "versionStartIncluding": "4.6.0"}, {"criteria": "cpe:2.3:a:purestorage:flashblade:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "4.5.13", "versionStartIncluding": "4.5.0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac", "shortName": "PureStorage", "dateUpdated": "2026-04-14T21:55:52.041Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0207", "state": "PUBLISHED", "dateUpdated": "2026-04-14T21:55:52.041Z", "dateReserved": "2025-10-30T16:15:36.793Z", "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac", "datePublished": "2026-04-14T17:53:42.785Z", "assignerShortName": "PureStorage"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions."}], "id": "CVE-2026-0207", "lastModified": "2026-04-14T18:16:41.800", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "psirt@purestorage.com", "type": "Secondary"}]}, "published": "2026-04-14T18:16:41.800", "references": [{"source": "psirt@purestorage.com", "url": "https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html"}], "sourceIdentifier": "psirt@purestorage.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "psirt@purestorage.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.0.0,4.4.8]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.6.0,4.6.3]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.5.0,4.5.13]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "FlashBlade", "source": "cna", "vendor": "PureStorage"}, "product": "flashblade", "vendor": "purestorage"}], "analysis": {"en": {"generated_at": "2026-04-14T20:29:15.133411+00:00", "value": {"mitigation_remediation": ["Apply a FlashBlade release 4.5.14 or later, or 4.6.4 or later, as recommended by PureStorage.", "Verify that all log outputs are secured and that log files are protected against unauthorized read access.", "Audit existing logs for accidental disclosure of sensitive data and purge or anonymize any exposed information."], "summary": {"action": "Immediate Patch", "impact": "Sensitive Data Exposure"}, "threat_synthesis": {"affected_systems": "PureStorage FlashBlade environments that use Purity//FB releases earlier than 4.5.14 or 4.6.4 are affected. All previous FlashBlade firmware versions are susceptible to sensitive data logging until the vendor provides the patch.", "description_and_impact": "FlashBlade can inadvertently record confidential data in log files when particular conditions are met. The vulnerability permits an attacker who can access those logs to read sensitive information, compromising confidentiality. It results from improper handling of data before logging, matching CWE\u2011532.", "risk_and_exploitability": "The CVSS score of 8.5 indicates high overall risk. Because the CVE lacks an EPSS score and is not listed in the CISA KEV catalog, the probability of public exploitation is currently unknown, but the impact of exposure remains significant. Attackers would need the ability to read log files, which may be possible through local or privileged access; the exact attack vector is not detailed in the description and is thus inferred based on the vulnerability type."}}}}, "created": "2026-04-15T14:31:56.907819+00:00", "updated": "2026-04-15T14:41:09.776861+00:00", "vendors": ["purestorage", "purestorage$PRODUCT$flashblade"]}