VYPR

Hypercloud

by Softx

CVEs (6)

  • CVE-2026-1842MedFeb 20, 2026
    risk 0.40cvss epss 0.00

    HyperCloud versions 2.3.5 through 2.6.8 improperly allowed refresh tokens to be used directly for resource access and failed to invalidate previously issued access tokens when a refresh token was used. Because refresh tokens have a significantly longer lifetime (default one…

  • CVE-2024-13058MedDec 30, 2024
    risk 0.31cvss epss 0.00

    An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron HyperCloud and related…

  • CVE-2025-10650LowSep 18, 2025
    risk 0.12cvss epss 0.00

    SoftIron HyperCloud 2.5.0 through 2.6.3 may incorrectly add user SSH keys to the administrator-level authorized keys under certain conditions, allowing unauthorized privilege escalation to admin via SSH. Affects non-production debug and internal development builds created…

  • CVE-2023-45085Dec 5, 2023
    risk 0.00cvss epss 0.00

    An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process.  In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of…

  • CVE-2023-45084Dec 5, 2023
    risk 0.00cvss epss 0.00

    An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and…

  • CVE-2023-45083Dec 5, 2023
    risk 0.00cvss epss 0.00

    An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane. An authenticated admin-level user may be able to delete the "admin" or "serveradmin" users, which prevents authentication…