What is the CVSS score of CVE-2026-21418?

CVE-2026-21418 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Unity Operating Environment are affected by CVE-2026-21418?

Dell Unity storage systems running version 5.5.2 or earlier are vulnerable to OS command injection attacks that could allow attackers to execute arbitrary commands with elevated privileges.

Unity Operating Environment CVE-2026-21418

HIGH

OS Command Injection (CWE-78)

2026-01-30 security_alert@emc.com

Command Injection Unity Operating Environment

7.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:00 vuln.today

CVE Published

Jan 30, 2026 - 09:15 nvd

HIGH 7.8

DescriptionNVD

Dell Unity, version(s) 5.5.2 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.

AnalysisAI

Dell Unity versions 5.5.2 and earlier suffer from an OS command injection vulnerability that allows local attackers with low privileges to execute arbitrary commands with root-level access. The flaw stems from improper input validation in command processing, enabling privilege escalation on affected systems. …

RemediationAI

Within 24 hours: Inventory all Dell Unity deployments and identify systems running version 5.5.2 or prior; implement network segmentation to restrict management interface access. Within 7 days: Deploy WAF rules to filter malicious command injection patterns in API requests; disable non-essential remote management features if operationally feasible; increase monitoring and logging on affected systems. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-21418 vulnerability details – vuln.today

Back

Unity Operating Environment CVE-2026-21418

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code