CVE-2026-21418
HIGHCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2Description
Dell Unity, version(s) 5.5.2 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
Analysis
Dell Unity versions 5.5.2 and earlier suffer from an OS command injection vulnerability that allows local attackers with low privileges to execute arbitrary commands with root-level access. The flaw stems from improper input validation in command processing, enabling privilege escalation on affected systems. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all Dell Unity deployments and identify systems running version 5.5.2 or prior; implement network segmentation to restrict management interface access. Within 7 days: Deploy WAF rules to filter malicious command injection patterns in API requests; disable non-essential remote management features if operationally feasible; increase monitoring and logging on affected systems. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today