Unisphere For Powermax
CVE-2026-26361
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
AnalysisAI
Dell Unisphere for PowerMax 10.2 contains a file path control vulnerability that allows authenticated remote attackers to disclose sensitive information. The vulnerability requires low-privileged credentials and network access but no user interaction, making it accessible to internal threats or compromised accounts. Currently no patch is available to remediate this issue.
Technical ContextAI
Affects Unisphere For Powermax. Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Unisphere For Powermax
View allRemote command execution in Dell Unisphere for PowerMax versions 10.3.0.5 and prior allows a low-privileged authenticate
Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an S
Dell Unisphere for PowerMax 10.2 lacks proper authorization checks, allowing authenticated remote attackers to bypass ac
Dell Unisphere for PowerMax 10.2 contains a path traversal vulnerability that allows authenticated remote attackers to o
Dell Unisphere for PowerMax versions 10.2 suffer from a path traversal vulnerability (CWE-73) that allows authenticated
Dell Unisphere for PowerMax 10.2 contains a relative path traversal flaw that allows authenticated remote attackers to m
Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. Rated high severity (CVSS
Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. Rated high severity
Unisphere For Powermax versions up to 9.2.4.18 is affected by improper restriction of xml external entity reference (CVS
Path traversal in Dell Unisphere for PowerMax 10.3.0.5 and prior exposes arbitrary files on the underlying server to rem
Unauthorized file disclosure in Dell Unisphere for PowerMax 10.3.0.5 and prior is achievable by a remote low-privileged
Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an
Same weakness CWE-73 – External Control of File Name or Path
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today