VYPR
← All advisories
High severityNVD Advisory· Published Jun 9, 2026

CVE-2026-6445

CVE-2026-6445

Description

FlashArray Purity has a vulnerability allowing low-privilege authenticated users to access sensitive information due to insufficient data path filtering.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

FlashArray Purity has a vulnerability allowing low-privilege authenticated users to access sensitive information due to insufficient data path filtering.

Vulnerability

A flaw exists in FlashArray Purity where insufficient filtering of certain data paths could expose sensitive information. This vulnerability affects authenticated users with low privileges. Specific affected versions are not detailed in the available references [1].

Exploitation

An attacker with authenticated, low-privilege access to FlashArray Purity can exploit this vulnerability. The exploitation involves triggering the insufficient filtering of certain data paths to access sensitive information. Further details on the exact steps are not disclosed in the provided references [1].

Impact

Successful exploitation of this vulnerability allows an attacker to expose sensitive information. The scope of the compromise is limited to the information accessible by the low-privilege authenticated user. The specific types of sensitive information exposed are not detailed in the available references [1].

Mitigation

No specific patched versions or release dates are disclosed in the available references. Users are advised to consult Pure Storage security advisories for the latest information on mitigation strategies and potential workarounds [1].

References
  1. Everpure Knowledge portal

AI Insight generated on Jun 9, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1

News mentions

0

No linked articles in our index yet.