Unisphere For Powermax
CVE-2026-26358
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
AnalysisAI
Dell Unisphere for PowerMax 10.2 lacks proper authorization checks, allowing authenticated remote attackers to bypass access controls and gain unauthorized administrative capabilities. This missing authorization vulnerability (CWE-862) affects users who have any valid account credentials on affected systems. No patch is currently available, making this a critical risk for organizations operating vulnerable PowerMax installations.
Technical ContextAI
Classified as CWE-862 (Missing Authorization). Affects Unisphere For Powermax. Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Unisphere For Powermax
View allDell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an S
Dell Unisphere for PowerMax 10.2 contains a path traversal vulnerability that allows authenticated remote attackers to o
Dell Unisphere for PowerMax versions 10.2 suffer from a path traversal vulnerability (CWE-73) that allows authenticated
Dell Unisphere for PowerMax 10.2 contains a relative path traversal flaw that allows authenticated remote attackers to m
Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. Rated high severity (CVSS
Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. Rated high severity
Unisphere For Powermax versions up to 9.2.4.18 is affected by improper restriction of xml external entity reference (CVS
Dell Unisphere for PowerMax 10.2 contains a file path control vulnerability that allows authenticated remote attackers t
Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today