IBM Storage Console Flaw: Unauthenticated RCE Risk
The National Vulnerability Database has disclosed CVE-2026-5935, a high-severity vulnerability impacting IBM Total Storage Service Console (TSSC) and TS4500 IMC versions 9.2, 9.3, 9.4, 9.5, and 9.6. This flaw, rated CVSS 7.3, allows an unauthenticated attacker to execute arbitrary commands with normal user privileges. The root cause is improper validation of user-supplied input, a classic CWE-78 (OS Command Injection) scenario.
This isn’t a complex exploit. The fact that it’s unauthenticated and grants command execution is what makes it dangerous. An attacker doesn’t need to bypass authentication to gain a foothold. While the privileges are ‘normal user,’ this often provides enough access to pivot, escalate privileges, or disrupt critical storage operations. For storage infrastructure, even a limited compromise can have devastating data availability and integrity implications.
Defenders need to treat any unauthenticated RCE on critical infrastructure as a top priority. This vulnerability puts at risk core storage systems, which are often overlooked in standard perimeter security. The attacker’s calculus here is simple: find an exposed IBM TSSC or TS4500 IMC, send a crafted request, and you’re in. This is a direct path to internal network access and potential data manipulation.
What This Means For You
- If your organization uses IBM Total Storage Service Console (TSSC) or TS4500 IMC versions 9.2 through 9.6, you need to immediately identify all instances and check for available patches. Prioritize these systems for patching, as an unauthenticated attacker can execute commands on them with minimal effort. Do not underestimate the impact of 'normal user' privileges on critical storage infrastructure.
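
One way to carry out the identification step, as an added example that is not from NVD, IBM or the original article: a Python triage of an asset inventory against the affected products and release lines listed above. The CSV columns, hostnames, exposure ranking and the treatment of point releases such as 9.6.1 as part of the 9.6 line are assumptions, and the inventory is constructed sample data.

```python
import csv
import io
import re

# Affected products and release lines, as listed in the advisory text above.
AFFECTED_PRODUCTS = ("total storage service console", "tssc", "ts4500 imc")
AFFECTED_RELEASES = {(9, 2), (9, 3), (9, 4), (9, 5), (9, 6)}

# Constructed sample inventory; column names are assumptions for this example.
SAMPLE_INVENTORY = """hostname,product,version,reachable_from
tssc-dc1,IBM TSSC,9.4,mgmt-vlan
tssc-dc2,IBM Total Storage Service Console,v9.6.1,internet
imc-lab,TS4500 IMC,9.10,mgmt-vlan
imc-prod,IBM TS4500 IMC,9.2,user-lan
tssc-old,IBM TSSC,9.1,mgmt-vlan
nas-01,Other NAS,9.3,mgmt-vlan
tssc-unk,IBM TSSC,unknown,mgmt-vlan
"""

def release_line(version):
    """Return (major, minor) as integers, or None if the string is unparseable."""
    # Integer comparison matters: a string prefix test would confuse 9.10 with 9.1.
    m = re.match(r"\s*v?(\d+)\.(\d+)", version, re.IGNORECASE)
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(inventory_csv):
    """Return (hostname, status, zone) for affected hosts and hosts needing manual checks."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        product = row["product"].lower()
        if not any(name in product for name in AFFECTED_PRODUCTS):
            continue
        rel = release_line(row["version"])
        if rel is None:
            status = "verify"      # affected product, version unknown: check by hand
        elif rel in AFFECTED_RELEASES:
            status = "affected"
        else:
            continue               # release line not named in the advisory
        findings.append((row["hostname"], status, row["reachable_from"]))
    # Affected hosts first; within a status, widest exposure first (ranking is an assumption).
    exposure_rank = {"internet": 0, "user-lan": 1, "mgmt-vlan": 2}
    findings.sort(key=lambda f: (f[1] != "affected", exposure_rank.get(f[2], 3)))
    return findings

if __name__ == "__main__":
    for host, status, zone in triage(SAMPLE_INVENTORY):
        print(f"{host:10} {status:9} reachable_from={zone}")
```

Hosts marked "verify" run an affected product but report no parseable version, so they stay on the patch list until the version is confirmed.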
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-5935 | Command Injection | IBM Total Storage Service Console (TSSC) / TS4500 IMC versions 9.2, 9.3, 9.4, 9.5, 9.6 |
| CVE-2026-5935 | RCE | Unauthenticated arbitrary command execution with normal user privileges |
| CVE-2026-5935 | Input Validation | Improper validation of user supplied input |
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 23, 2026 at 03:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.