Skip to main content

Dell CVE-2026-27101

| EUVDEUVD-2026-17822 MEDIUM
Path Traversal (CWE-22)
2026-04-01 dell
4.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.7 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
5.34.00.00
EUVD ID Assigned
Apr 01, 2026 - 08:00 euvd
EUVD-2026-17822
Analysis Generated
Apr 01, 2026 - 08:00 vuln.today
CVE Published
Apr 01, 2026 - 07:27 nvd
MEDIUM 4.7

DescriptionCVE.org

Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00.xx, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker within the management network could potentially exploit this vulnerability, leading to remote execution.

AnalysisAI

Path traversal vulnerability in Dell Secure Connect Gateway (SCG) versions 5.28.00.xx through 5.32.00.xx allows high-privileged attackers on the management network to bypass directory restrictions and achieve remote code execution. With a CVSS score of 4.7 and requiring high privilege level access, this vulnerability poses moderate risk to organizations running vulnerable SCG versions but is limited by the need for administrative-level attacker access within the management network. No public exploit code or active exploitation has been confirmed at time of analysis.

Technical ContextAI

The vulnerability stems from improper input validation in path handling mechanisms within Dell SCG, specifically a path traversal flaw (CWE-22) that fails to properly restrict file access to intended directories. Dell SCG is an enterprise secure gateway appliance and application that manages remote secure connectivity; the affected versions run between 5.28.00.xx and 5.32.00.xx across both the appliance and application deployment models. By crafting malicious path inputs with directory traversal sequences (such as '../' notation), a high-privileged attacker positioned within the management network can escape sandbox restrictions, access sensitive files outside the intended directory structure, and potentially escalate to remote code execution by writing to executable paths or configuration files.

RemediationAI

Organizations should upgrade Dell SCG to version 5.33.00.xx or later, which contains the security fix for this path traversal vulnerability. Interim mitigations pending patching include restricting network access to the SCG management interface to only trusted administrator IP ranges and implementing strict role-based access control to limit which users can access administrative functions. Detailed guidance and the security update are available in Dell's security advisory DSA-2026-020 at https://www.dell.com/support/kbdoc/en-us/000438589/dsa-2026-020-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities.

More in Dell

View all
CVE-2012-2962 MEDIUM POC
6.5 Jul 30

SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2

CVE-2014-8420 CRITICAL POC
9.0 Nov 25

The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before

CVE-2012-3951 HIGH POC
7.5 Jul 31

The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default passwor

CVE-2014-4977 MEDIUM POC
6.5 Jul 16

Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute

CVE-2026-22769 CRITICAL
10.0 Feb 17

Dell RecoverPoint for Virtual Machines prior to 6.0.3.1 HF1 contains hardcoded credentials (CVE-2026-22769, CVSS 10.0) t

CVE-2014-125113 CRITICAL POC
9.3 Aug 05

An unrestricted file upload vulnerability exists in Dell (acquired by Quest) KACE K1000 System Management Appliance vers

CVE-2012-2626 MEDIUM POC
5.0 Jul 31

cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not requir

CVE-2014-8272 MEDIUM POC
5.0 Dec 19

The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57

CVE-2017-10955 HIGH
8.8 Oct 19

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection

CVE-2012-2627 CRITICAL POC
9.4 Jul 31

d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote at

CVE-2021-21551 HIGH POC
7.8 May 04

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privile

CVE-2025-36604 HIGH POC
7.3 Aug 04

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('

Share

CVE-2026-27101 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy