Dell PowerFlex Manager
CVE-2026-35162
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Low-privileged remote authentication required to reach the access control flaw; impact is availability-only with no confidentiality or integrity exposure.
Primary rating from Vendor (dell).
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Description (NVD)
Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
Analysis (AI)
Dell PowerFlex Manager's improper access control (CWE-284) permits a remote, low-privileged attacker to cause a denial of service condition against the management platform. The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms the attack is network-reachable with minimal complexity once credentials are obtained, and is limited in scope to availability degradation (A:H). …
Vulnerability Assessment (AI)
| Exploitation | Exploitation requires the attacker to hold valid low-privileged credentials for Dell PowerFlex Manager and have network-level access to the management interface - confirmed by CVSS PR:L and AV:N respectively. … |
| Risk Assessment | The overall risk is moderate and contextually bounded. … |
| Exploit Scenario | An attacker who has obtained or been issued low-privileged credentials to Dell PowerFlex Manager - such as a read-only operator account - sends a sequence of crafted requests that the application's access control layer incorrectly permits, triggering a denial of service condition on the management platform. No public proof-of-concept code exists at time of analysis, and exploitation requires authenticated network access, limiting opportunistic mass exploitation. |
| Remediation | Apply the security update issued by Dell per advisory DSA-2026-066 at https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities. … |