Dell PowerFlex Manager CVE-2026-32804

HIGH
Improper Authentication (CWE-287)
2026-06-17 dell
8.1
CVSS 3.1 · Vendor: dell

Severity by source

Vendor (dell), PRIMARY: 8.1 HIGH
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

vuln.today AI: 8.1 HIGH

Adjacent management-network reachability (AV:A), no auth or interaction per CWE-287 bypass, and high integrity/availability impact on storage management without disclosed confidentiality loss.

CVSS 3.1: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CVSS 4.0: AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (dell).

CVSS Vector (Vendor: dell)

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: High

Lifecycle Timeline

1
Analysis Generated
Jun 17, 2026 - 15:36 vuln.today

Description (CVE.org)

Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Unauthorized access.

Analysis (AI)

Authentication bypass in Dell PowerFlex Manager allows an unauthenticated attacker with adjacent-network access to gain unauthorized access to the management plane, with high impact to integrity and availability of the software-defined storage fabric. Dell's DSA-2026-066 advisory addresses this and other PowerFlex flaws; no public exploit identified at time of analysis and the issue is not listed in CISA KEV. …

Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

Access: Gain foothold on adjacent management VLAN
Delivery: Discover PowerFlex Manager endpoint
Exploit: Send crafted unauthenticated request bypassing auth
Execution: Invoke privileged management API
Impact: Modify storage configuration or disrupt service

Vulnerability Assessment (AI)

Exploitation: Attacker must have layer-2/adjacent network reachability to PowerFlex Manager (AV:A) - typically presence on the storage/management VLAN via a compromised host on that segment, a misconfigured trunk, or a flat network. …

Risk Assessment: Signals are mixed: CVSS 8.1 (High) with AV:A/AC:L/PR:N/UI:N/C:N/I:H/A:H reflects easy, unauthenticated abuse once on the adjacent network and serious integrity/availability impact on storage management - a meaningful concern because PowerFlex underpins production storage. …

Exploit Scenario: An attacker who gains a foothold on the same management VLAN - for example via a compromised hypervisor host, monitoring appliance, or admin workstation - sends crafted requests to the PowerFlex Manager API that bypass authentication and act as a privileged user. From there they could alter storage configuration, disrupt protection domains, or take management actions impacting integrity and availability of the storage fabric; no public exploit identified at time of analysis.

Remediation: Patch available per vendor advisory: apply the PowerFlex Manager update referenced in Dell DSA-2026-066 (https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities) as soon as a maintenance window permits, since the exact fixed version is not enumerated in the public CVE record. …

Recommended Action (AI)

Within 24 hours: Inventory all Dell PowerFlex Manager deployments and document their network connectivity, particularly access from adjacent network segments. …
