Skip to main content

Powerflex Manager CVE-2026-56689

| EUVDEUVD-2026-42869 HIGH
SQL Injection (CWE-89)
2026-07-10 security_alert@emc.com GHSA-w262-hpqj-c8r8
7.7
CVSS 3.1 · Vendor: emc
Share

Severity by source

Vendor (emc) PRIMARY
7.7 HIGH
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Primary rating from Vendor (emc) · only source for this CVE.

CVSS VectorVendor: emc

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Patch available
Jul 10, 2026 - 13:01 EUVD
Analysis Generated
Jul 10, 2026 - 12:32 vuln.today

DescriptionCVE.org

Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

AnalysisAI

SQL injection in Dell PowerFlex Manager before 5.1.0.1 lets a low-privileged, remotely authenticated user inject crafted SQL into a backend query, resulting in unauthorized reading of database contents (information exposure). The flaw is fixed in 5.1.0.1 per Dell advisory DSA-2026-066, and there is no public exploit identified at time of analysis. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

24 hours: Identify all Dell PowerFlex Manager deployments and document current versions; 7 days: Upgrade affected systems (versions before 5.1.0.1) to version 5.1.0.1 or later per Dell advisory DSA-2026-066; 30 days: Confirm all systems are patched and review database query audit logs for suspicious activity.

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2024-37143 CRITICAL
9.8 Dec 10

Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.

CVE-2026-56688 CRITICAL
9.1 Jul 10

Root-level OS command execution in Dell PowerFlex Manager (versions prior to 5.1.0.1) lets a remote, high-privileged att

CVE-2026-56690 HIGH
8.5 Jul 10

SQL injection in Dell PowerFlex Manager prior to version 5.1.0.1 allows a remote, low-privileged authenticated attacker

CVE-2024-37144 MEDIUM
6.7 Dec 10

Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.

CVE-2024-47477 MEDIUM
6.5 Jun 17

Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. Rated mediu

CVE-2025-26483 MEDIUM
6.1 May 22

Open redirect vulnerability in Dell PowerFlex Manager 4.6.2 and prior enables unauthenticated remote attackers to craft

CVE-2025-32751 MEDIUM
5.5 May 22

Dell PowerFlex Manager versions 4.6.2 and earlier improperly store sensitive information in a manner accessible to low-p

CVE-2025-32747 MEDIUM
5.3 May 22

Incorrect Privilege Assignment in Dell PowerFlex Manager version 4.6.2 and earlier (both Appliance and Rack form factors

CVE-2025-32749 MEDIUM
5.3 May 22

Directory listing exposure in Dell PowerFlex Manager versions 4.6.2 and earlier allows an attacker to enumerate director

CVE-2025-36599 MEDIUM
4.3 Jul 09

Dell PowerFlex Manager VM, versions prior to 4.6.2.1, contains an Insertion of Sensitive Information into Log File vulne

CVE-2025-32745 MEDIUM
4.2 May 22

Improper certificate validation in Dell PowerFlex Manager version 4.6.2 and earlier allows an unauthenticated attacker o

CVE-2025-32746 MEDIUM
4.0 May 22

Insecure storage of sensitive information in Dell PowerFlex Manager versions up to and including 4.6.2 exposes credentia

Share

CVE-2026-56689 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy