Skip to main content

Powerstore EUVDEUVD-2026-17824

| CVE-2026-28265 MEDIUM
Path Traversal: '.../...//' (CWE-35)
2026-04-01 dell
4.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.4 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
4.4.0.0-2692403
EUVD ID Assigned
Apr 01, 2026 - 08:00 euvd
EUVD-2026-17824
Analysis Generated
Apr 01, 2026 - 08:00 vuln.today
CVE Published
Apr 01, 2026 - 07:41 nvd
MEDIUM 4.4

DescriptionCVE.org

PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.

AnalysisAI

Path traversal vulnerability in Dell PowerStore Service user allows low-privileged local attackers to modify arbitrary system files through improper input validation. The vulnerability affects multiple PowerStore models (500T through 9200T) and requires local access with low-privilege credentials; CVSS 4.4 reflects the local attack vector and limited integrity impact, though the ability to modify system files poses moderate operational risk for storage appliance integrity.

Technical ContextAI

The vulnerability stems from CWE-35 (Path Traversal) in the PowerStore Service user functionality, where insufficient input sanitization permits directory traversal sequences (such as '../' or absolute paths) to escape intended file access boundaries. This allows an attacker to access and modify files outside the intended restricted directory scope. The Service user context suggests the vulnerability exists in a daemon or background process running with elevated privileges relative to the attacking user, enabling modification of system configuration or operational files. Dell PowerStore is an enterprise flash storage array platform; the affected CPE entries indicate the vulnerability spans the entire PowerStore product line including the T-series (500T, 1000T, 1200T, 3000T, 3200T, 5000T, 5200T, 7000T, 9000T, 9200T) and Q-series (3200Q, 5200Q) models.

RemediationAI

Apply the security update provided by Dell in DSA-2026-157, which addresses multiple vulnerabilities including CVE-2026-28265. Visit the Dell support article at https://www.dell.com/support/kbdoc/en-us/000444169/dsa-2026-157-dell-powerstore-t-security-update-for-multiple-vulnerabilities for specific patch version numbers, download links, and installation instructions for your PowerStore model. Until patching is completed, restrict local access to PowerStore systems to trusted administrators and service accounts only, review and revoke unnecessary local user accounts, and implement host-level monitoring to detect suspicious file access or modification attempts by the Service user process.

Share

EUVD-2026-17824 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy