Unisphere For Powermax
CVE-2026-26359
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files.
AnalysisAI
Dell Unisphere for PowerMax 10.2 contains a path traversal vulnerability that allows authenticated remote attackers to overwrite arbitrary files on the system. This HIGH severity flaw (CVSS 8.8) requires only low privileges and network access to exploit, potentially enabling complete system compromise. No patch is currently available for this vulnerability.
Technical ContextAI
Affects Unisphere For Powermax. Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Unisphere For Powermax
View allDell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an S
Dell Unisphere for PowerMax 10.2 lacks proper authorization checks, allowing authenticated remote attackers to bypass ac
Dell Unisphere for PowerMax versions 10.2 suffer from a path traversal vulnerability (CWE-73) that allows authenticated
Dell Unisphere for PowerMax 10.2 contains a relative path traversal flaw that allows authenticated remote attackers to m
Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. Rated high severity (CVSS
Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. Rated high severity
Unisphere For Powermax versions up to 9.2.4.18 is affected by improper restriction of xml external entity reference (CVS
Dell Unisphere for PowerMax 10.2 contains a file path control vulnerability that allows authenticated remote attackers t
Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an
Same weakness CWE-73 – External Control of File Name or Path
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today