Home / Vulnerability Intelligence / CVE-2026-2072

CVE-2026-2072 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: March 25, 2026

Hitachi Infrastructure Analytics Advisor & Hitachi Ops Center Analyzer - Stored XSS

Published: March 25, 2026Updated: March 25, 2026Remote Exploitable

Overview

Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer from 10.0.0-00 before 11.0.5-00 contain a stored cross-site scripting caused by improper input sanitization in the Analytics probe component, letting remote attackers execute scripts, exploit requires no special privileges.

Severity & Score

Severity: High

CVSS Score: 8.2

EPSS Score: 4.0%(Probability of exploitation in next 30 days)

Impact

Remote attackers can execute arbitrary scripts in users' browsers, potentially stealing session data or performing actions on behalf of users.

Mitigation

Update to version 11.0.5-00 or later.

References

https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-114/index.html

Social Media Activity(1 post)

Offensive Sequence

@offseq

Mar 25, 2026

⚠️ HIGH-severity XSS (CVE-2026-2072, CVSS 8.2) in Hitachi Infrastructure Analytics Advisor & Ops Center Analyzer <11.0.5-00. Exploitable by low-privilege users. Patch when available, restrict access, enable WAF. https://radar.offseq.com/threat/cve-2026-2072-cwe-79-improper-neutralization-of-in-c6f3add7 #OffSeq #XSS #Vuln #Hitachi

View original post

Related Resources

Details

CVE ID: CVE-2026-2072
Severity: High
CVSS Score: 8.2
Type: stored_xss
Status: unconfirmed
EPSS: 4.0%
Social Posts: 1

CWE

CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

EPSS Score

4.0%Probability of exploitation in the next 30 days