
Dell

311 CVEs vendor


CVE-2026-46052 PATCH Awaiting Data

In the Linux kernel, the following vulnerability has been resolved:

ceph: only d_add() negative dentries when they are unhashed

Ceph can call d_add(dentry, NULL) on a negative dentry that is already present in the primary dcache hash. In the current VFS that is not safe. d_add() goes through __d_add() to __d_rehash(), which unconditionally reinserts dentry->d_hash into the hlist_bl bucket. If the dentry is already hashed, reinserting the same node can corrupt the bucket, including creating a self-loop.

Once that happens, __d_lookup() can spin forever in the hlist_bl walk, typically looping only on the d_name.hash mismatch check and eventually triggering RCU stall reports like this one:

rcu: INFO: rcu_sched self-detected stall on CPU
rcu: 87-....: (2100 ticks this GP) idle=3a4c/1/0x4000000000000000 softirq=25003319/25003319 fqs=829
rcu: (t=2101 jiffies g=79058445 q=698988 ncpus=192)
CPU: 87 UID: 2952868916 PID: 3933303 Comm: php-cgi8.3 Not tainted 6.18.17-i1-amd #950 NONE
Hardware name: Dell Inc. PowerEdge R7615/0G9DHV, BIOS 1.6.6 09/22/2023
RIP: 0010:__d_lookup+0x46/0xb0
Code: c1 e8 07 48 8d 04 c2 48 8b 00 49 89 fc 49 89 f5 48 89 c3 48 83 e3 fe 48 83 f8 01 77 0f eb 2d 0f 1f 44 00 00 48 8b 1b 48 85 db <74> 20 39 6b 18 75 f3 48 8d 7b 78 e8 ba 85 d0 00 4c 39 63 10 74 1f
RSP: 0018:ff745a70c8253898 EFLAGS: 00000282
RAX: ff26e470054cb208 RBX: ff26e470054cb208 RCX: 000000006e958966
RDX: ff26e48267340000 RSI: ff745a70c82539b0 RDI: ff26e458f74655c0
RBP: 000000006e958966 R08: 0000000000000180 R09: 9cd08d909b919a89
R10: ff26e458f74655c0 R11: 0000000000000000 R12: ff26e458f74655c0
R13: ff745a70c82539b0 R14: d0d0d0d0d0d0d0d0 R15: 2f2f2f2f2f2f2f2f
FS: 00007f5770896980(0000) GS:ff26e482c5d88000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5764de50c0 CR3: 000000a72abb5001 CR4: 0000000000771ef0
PKRU: 55555554
Call Trace:
<TASK>
lookup_fast+0x9f/0x100
walk_component+0x1f/0x150
link_path_walk+0x20e/0x3d0
path_lookupat+0x68/0x180
filename_lookup+0xdc/0x1e0
vfs_statx+0x6c/0x140
vfs_fstatat+0x67/0xa0
__do_sys_newfstatat+0x24/0x60
do_syscall_64+0x6a/0x230
entry_SYSCALL_64_after_hwframe+0x76/0x7e

This is reachable with reused cached negative dentries. A Ceph lookup or atomic_open can be handed a negative dentry that is already hashed, and fs/ceph/dir.c then hits one of two paths that incorrectly assume "negative" also means "unhashed":

- ceph_finish_lookup(): MDS reply is -ENOENT with no trace -> d_add(dentry, NULL)
- ceph_lookup(): local ENOENT fast path for a complete directory with shared caps -> d_add(dentry, NULL)

Both paths can therefore re-add an already-hashed negative dentry.

Ceph already uses the correct pattern elsewhere: ceph_fill_trace() only calls d_add(dn, NULL) for a negative null-dentry reply when d_unhashed(dn) is true.

Fix both fs/ceph/dir.c sites the same way: only call d_add() for a negative dentry when it is actually unhashed. If the negative dentry is already hashed, leave it in place and reuse it as-is.

This preserves the existing behavior for unhashed dentries while avoiding d_hash list corruption for reused hashed negatives.

Information Disclosure Linux Dell Amd
NVD
EPSS
0.0%
CVE-2026-45970 Awaiting Data

In the Linux kernel, the following vulnerability has been resolved:

bonding: alb: fix UAF in rlb_arp_recv during bond up/down

The ALB RX path may access rx_hashtbl concurrently with bond teardown. During rapid bond up/down cycles, rlb_deinitialize() frees rx_hashtbl while RX handlers are still running, leading to a null pointer dereference detected by KASAN. However, the root cause is that rlb_arp_recv() can still be accessed after setting recv_probe to NULL, which is actually a use-after-free (UAF) issue. That is the reason for using the referenced commit in the Fixes tag.

[ 214.174138] Oops: general protection fault, probably for non-canonical address 0xdffffc000000001d: 0000 [#1] SMP KASAN PTI
[ 214.186478] KASAN: null-ptr-deref in range [0x00000000000000e8-0x00000000000000ef]
[ 214.194933] CPU: 30 UID: 0 PID: 2375 Comm: ping Kdump: loaded Not tainted 6.19.0-rc8+ #2 PREEMPT(voluntary)
[ 214.205907] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.14.0 01/14/2022
[ 214.214357] RIP: 0010:rlb_arp_recv+0x505/0xab0 [bonding]
[ 214.220320] Code: 0f 85 2b 05 00 00 48 b8 00 00 00 00 00 fc ff df 40 0f b6 ed 48 c1 e5 06 49 03 ad 78 01 00 00 48 8d 7d 28 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 06 0f 8e 12 05 00 00 80 7d 28 00 0f 84 8c 00
[ 214.241280] RSP: 0018:ffffc900073d8870 EFLAGS: 00010206
[ 214.247116] RAX: dffffc0000000000 RBX: ffff888168556822 RCX: ffff88816855681e
[ 214.255082] RDX: 000000000000001d RSI: dffffc0000000000 RDI: 00000000000000e8
[ 214.263048] RBP: 00000000000000c0 R08: 0000000000000002 R09: ffffed11192021c8
[ 214.271013] R10: ffff8888c9010e43 R11: 0000000000000001 R12: 1ffff92000e7b119
[ 214.278978] R13: ffff8888c9010e00 R14: ffff888168556822 R15: ffff888168556810
[ 214.286943] FS: 00007f85d2d9cb80(0000) GS:ffff88886ccb3000(0000) knlGS:0000000000000000
[ 214.295966] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 214.302380] CR2: 00007f0d047b5e34 CR3: 00000008a1c2e002 CR4: 00000000001726f0
[ 214.310347] Call Trace:
[ 214.313070] <IRQ>
[ 214.315318] ? __pfx_rlb_arp_recv+0x10/0x10 [bonding]
[ 214.320975] bond_handle_frame+0x166/0xb60 [bonding]
[ 214.326537] ? __pfx_bond_handle_frame+0x10/0x10 [bonding]
[ 214.332680] __netif_receive_skb_core.constprop.0+0x576/0x2710
[ 214.339199] ? __pfx_arp_process+0x10/0x10
[ 214.343775] ? sched_balance_find_src_group+0x98/0x630
[ 214.349513] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[ 214.356513] ? arp_rcv+0x307/0x690
[ 214.360311] ? __pfx_arp_rcv+0x10/0x10
[ 214.364499] ? __lock_acquire+0x58c/0xbd0
[ 214.368975] __netif_receive_skb_one_core+0xae/0x1b0
[ 214.374518] ? __pfx___netif_receive_skb_one_core+0x10/0x10
[ 214.380743] ? lock_acquire+0x10b/0x140
[ 214.385026] process_backlog+0x3f1/0x13a0
[ 214.389502] ? process_backlog+0x3aa/0x13a0
[ 214.394174] __napi_poll.constprop.0+0x9f/0x370
[ 214.399233] net_rx_action+0x8c1/0xe60
[ 214.403423] ? __pfx_net_rx_action+0x10/0x10
[ 214.408193] ? lock_acquire.part.0+0xbd/0x260
[ 214.413058] ? sched_clock_cpu+0x6c/0x540
[ 214.417540] ? mark_held_locks+0x40/0x70
[ 214.421920] handle_softirqs+0x1fd/0x860
[ 214.426302] ? __pfx_handle_softirqs+0x10/0x10
[ 214.431264] ? __neigh_event_send+0x2d6/0xf50
[ 214.436131] do_softirq+0xb1/0xf0
[ 214.439830] </IRQ>

The issue is reproducible by repeatedly running ip link set bond0 up/down while receiving ARP messages, where rlb_arp_recv() can race with rlb_deinitialize() and dereference a freed rx_hashtbl entry.

Fix this by setting recv_probe to NULL and then calling synchronize_net() to wait for any concurrent RX processing to finish. This ensures that no RX handler can access rx_hashtbl after it is freed in bond_alb_deinitialize().

Denial Of Service Linux Dell Canonical
NVD
EPSS
0.0%
CVE-2025-32751 MEDIUM PATCH This Month

Dell PowerFlex Manager versions 4.6.2 and earlier improperly store sensitive information in a manner accessible to low-privileged local users, resulting in unauthorized disclosure of confidential data with high confidentiality impact per CVSS. Affected deployments span both the Appliance and Rack form factors of the platform. No public exploit code has been identified at time of analysis and CISA KEV does not list this vulnerability, though the CWE-922 root cause and the 'Authentication Bypass' tag suggest the exposed data may include credentials or tokens that could enable downstream privilege escalation or lateral movement.

Authentication Bypass Dell Powerflex Manager Powerflex Manager Appliance Powerflex Manager Rack
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-46371 LOW PATCH Monitor

Broken or risky cryptographic algorithm use in Dell PowerFlex Manager's SSH component (versions ≤4.6.2) allows a locally authenticated low-privileged attacker to bypass SSH protection mechanisms, affecting both Appliance and Rack form factors. The CVSS vector (AV:L/AC:H/PR:L) reflects significant exploitation barriers: physical or logical local access is required, attack complexity is high, and impact is limited to partial confidentiality and integrity loss with no availability impact. Dell has published dual advisories (DSA-2025-434 for Appliance, DSA-2025-435 for Rack); no public exploit or CISA KEV listing exists at time of analysis.

Authentication Bypass Dell Powerflex Manager Powerflex Manager Appliance Powerflex Manager Rack
NVD
CVSS 3.1
3.6
EPSS
0.0%
CVE-2025-26483 MEDIUM PATCH This Month

Open redirect vulnerability in Dell PowerFlex Manager 4.6.2 and prior enables unauthenticated remote attackers to craft malicious application URLs that silently redirect targeted users to arbitrary attacker-controlled web destinations. Exploitation requires user interaction (CVSS UI:R) - a victim must follow a specially crafted link - but no authentication or special privileges are needed on the attacker's side. The primary risk is phishing: because the initial URL appears to point at a legitimate Dell infrastructure management portal, users are more likely to trust and follow it, making credential theft or sensitive data disclosure against PowerFlex administrators a realistic outcome. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog at time of analysis.

Open Redirect Dell Powerflex Manager Powerflex Manager Appliance Powerflex Manager Rack
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-32745 MEDIUM PATCH This Month

Improper certificate validation in Dell PowerFlex Manager version 4.6.2 and earlier allows an unauthenticated attacker on an adjacent network to intercept and tamper with protected communications. The flaw (CWE-295) means the product fails to adequately verify peer certificates during TLS/SSL exchanges, enabling a man-in-the-middle position to read or modify in-transit management data. No active exploitation is confirmed (not listed in CISA KEV), and no public exploit code has been identified at time of analysis.

Information Disclosure Dell Powerflex Manager Powerflex Manager Appliance Powerflex Manager Rack
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-32746 MEDIUM PATCH This Month

Insecure storage of sensitive information in Dell PowerFlex Manager versions up to and including 4.6.2 exposes credentials, keys, or configuration secrets to any attacker with local OS-level access to the appliance - no PowerFlex Manager authentication required. The CVSS vector (AV:L/AC:L/PR:N/UI:N) confirms the attacker needs only local system access, not application credentials, to retrieve the improperly protected data. No public exploit identified at time of analysis and no CISA KEV listing; however, the 'Authentication Bypass' tag in the intelligence data suggests the exposed sensitive material may itself enable downstream privilege escalation or authentication bypass against PowerFlex or its managed infrastructure.

Authentication Bypass Dell Powerflex Manager Powerflex Manager Appliance Powerflex Manager Rack
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-32747 MEDIUM PATCH This Month

Incorrect Privilege Assignment in Dell PowerFlex Manager version 4.6.2 and earlier (both Appliance and Rack form factors) allows a low-privileged local attacker to escalate their privileges, impacting confidentiality, integrity, and availability at a low level each (CVSS 5.3 Medium, CWE-266). Dell has published dual advisories (DSA-2025-434 and DSA-2025-435) addressing the Appliance and Rack variants respectively. No public exploit code and no active exploitation have been identified at time of analysis.

Information Disclosure Dell Powerflex Manager Powerflex Manager Appliance Powerflex Manager Rack
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-32749 MEDIUM PATCH This Month

Directory listing exposure in Dell PowerFlex Manager versions 4.6.2 and earlier allows an attacker to enumerate directory contents, potentially revealing sensitive files, configuration data, or internal path structures. Both the Appliance and Rack deployment forms are confirmed affected per Dell advisories DSA-2025-434 and DSA-2025-435. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog, but the combination of Information Disclosure and Privilege Escalation tags suggests the exposed directory contents may facilitate further privilege escalation beyond initial information leakage.

Privilege Escalation Information Disclosure Dell Powerflex Manager Powerflex Manager Appliance +1
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-32750 HIGH PATCH This Week

Information disclosure in Dell PowerFlex Manager (Appliance, Rack, and core Manager) versions 4.6.2 and earlier allows unauthenticated remote attackers to enumerate server contents through exposed directory listings. The flaw carries a CVSS 7.5 (high) rating driven entirely by confidentiality impact and requires no privileges or user interaction, though no public exploit has been identified at time of analysis and the issue is not on CISA KEV.

Information Disclosure Dell
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-35070 MEDIUM PATCH This Month

Command injection in Dell SmartFabric Storage Software versions prior to 1.4.5 enables a high-privileged local attacker to gain unauthorized read and write access to the underlying filesystem. Exploitation requires local system presence and high-level privileges, with the CVSS vector (AV:L/AC:H/PR:H) indicating a constrained threat surface despite the high confidentiality, integrity, and availability impact scores. No public exploit identified at time of analysis, and this vulnerability is not listed in CISA KEV.

Command Injection Dell
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-34883 MEDIUM This Month

An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to escalate privileges to Administrator. During installation, the software writes the file CCFLFamily_07Feb11.edr to C:\ProgramData\Portrait Displays\CW\data\i1D3\ while running with elevated privileges. Because the installer does not properly validate symbolic links or reparse points at the destination path, an attacker can create a malicious link that redirects the write operation to an arbitrary system location, enabling arbitrary file creation or overwrite with elevated privileges.

Privilege Escalation Microsoft Dell
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-41119 MEDIUM PATCH This Month

Improper SSL/TLS certificate validation in Dell Live Optics Windows and Personal Edition collectors allows remote attackers to intercept and modify data transmitted by the collector. The vulnerability requires network positioning (man-in-the-middle) and user interaction, making exploitation moderately complex but enabling complete compromise of data confidentiality and integrity for collector communications. Dell has released patches in version 27.1.10.1 to address the certificate validation flaw.

Information Disclosure Microsoft Dell
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-43477 PATCH Awaiting Data

In the Linux kernel, the following vulnerability has been resolved:

drm/i915/vrr: Configure VRR timings after enabling TRANS_DDI_FUNC_CTL

Apparently ICL may hang with an MCE if we write TRANS_VRR_VMAX/FLIPLINE before enabling TRANS_DDI_FUNC_CTL. Personally I was only able to reproduce a hang (on a Dell XPS 7390 2-in-1) with an external display connected via a dock using a dodgy type-C cable that made the link training fail. After the failed link training the machine would hang. TGL seemed immune to the problem for whatever reason.

BSpec does tell us to configure VRR after enabling TRANS_DDI_FUNC_CTL as well. The DMC firmware also does the VRR restore in two stages:
- first stage seems to be unconditional and includes TRANS_VRR_CTL and a few other VRR registers, among other things
- second stage is conditional on the DDI being enabled, and includes TRANS_DDI_FUNC_CTL and TRANS_VRR_VMAX/VMIN/FLIPLINE, among other things

So let's reorder the steps to match to avoid the hang, and toss in an extra WARN to make sure we don't screw this up later.

BSpec: 22243
(cherry picked from commit 93f3a267c3dd4d811b224bb9e179a10d81456a74)

Information Disclosure Linux Dell
NVD VulDB
EPSS
0.0%
CVE-2026-40638 MEDIUM PATCH This Month

Local privilege escalation in Dell PowerScale InsightIQ versions 5.0.0 through 6.2.0 allows high-privileged attackers to execute code with unnecessary elevated privileges, potentially escalating to full system compromise. The vulnerability requires existing local access and high privilege level on the affected system; no public exploit has been identified at time of analysis.

Privilege Escalation Dell
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-35071 HIGH PATCH This Week

OS command injection in Dell PowerScale InsightIQ 6.0.0 through 6.2.0 allows high-privileged local administrators to execute arbitrary system commands with elevated privileges, achieving container escape (scope change) on the storage cluster management platform. Dell published security advisory DSA-2026-208 addressing this vulnerability. EPSS data is not available, and the absence of a CISA KEV listing indicates targeted rather than widespread exploitation at time of analysis.

Command Injection Dell
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-26946 MEDIUM PATCH This Month

Improper privilege management in Dell ECS 3.8.1.0-3.8.1.7 and ObjectScale prior to 4.3.0.0 allows high-privileged local attackers to escalate privileges and gain full system access, affecting confidentiality, integrity, and availability. No public exploit code or active exploitation has been identified at the time of analysis.

Privilege Escalation Dell
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-35157 MEDIUM PATCH This Month

Remote code execution in Dell ECS 3.8.1.0-3.8.1.7 and ObjectScale prior to 4.3.0.0 arises from improper neutralization of formula elements in CSV files processed by the UI. Unauthenticated remote attackers can exploit this vulnerability with user interaction (formula injection attack) to achieve remote execution with limited confidentiality, integrity, and availability impact. No active exploitation is confirmed; exploitation requires victim interaction with malicious CSV content.

Information Disclosure Dell
NVD VulDB
CVSS 3.1
5.8
EPSS
0.1%
CVE-2025-43992 MEDIUM PATCH This Month

Authentication bypass in Dell ECS Geo replication (versions 3.8.1.0-3.8.1.7) and Dell ObjectScale (prior to 4.3.0.0) allows unauthenticated remote attackers to access data in transit by exploiting the mechanism's reliance on data that is assumed to be immutable. The vulnerability affects the replication authentication mechanism, enabling unauthorized data exposure without requiring valid credentials or user interaction.

Authentication Bypass Dell
NVD
CVSS 3.1
5.6
EPSS
0.1%
CVE-2026-40636 CRITICAL PATCH Act Now

Hard-coded credentials in Dell ECS 3.8.1.0-3.8.1.7 and ObjectScale <4.3.0.0 allow unauthenticated filesystem access. Despite CVSS 9.8 (network vector), the description explicitly states 'local access' is required, creating a critical discrepancy between scoring and actual attack surface. Attackers with local system access can leverage embedded credentials to gain unauthorized filesystem access. No active exploitation (CISA KEV) or public exploit confirmed at time of analysis. Dell advisory DSA-2026-047 addresses the vulnerability.

Authentication Bypass Dell
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-32658 HIGH PATCH This Week

Missing authorization in Dell Automation Platform before 2.0.0.0 allows authenticated remote attackers to elevate privileges to high-integrity access. The vulnerability requires low-level authentication and user interaction but enables complete compromise of confidentiality, integrity, and availability. CVSS 8.0 (High) reflects the significant impact despite the authentication prerequisite. No active exploitation (CISA KEV) or public exploit code identified at time of analysis, though Dell has released patches per DSA-2026-193.

Authentication Bypass Dell
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-32803 LOW PATCH Monitor

Dell PowerScale OneFS versions 9.5.0.0 through 9.12.0.1 contain an insufficient logging vulnerability that allows low-privileged local attackers to tamper with information without generating adequate audit trails, enabling attack obfuscation and compliance violation. The vulnerability affects multiple version branches across OneFS 9.5 through 9.12, with no public exploit code identified at time of analysis. CVSS score of 3.3 reflects low-to-medium integrity impact with local access requirement and low complexity.

Information Disclosure Dell
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-42997 PyPI HIGH PATCH GHSA This Week

Credential forwarding vulnerability in OpenStack Ironic's idrac driver allows authenticated attackers to steal time-limited Keystone tokens or molds storage credentials by manipulating import operations. Attackers with low-privileged Ironic access can redirect these credentials to attacker-controlled endpoints, gaining unauthorized access to all OpenStack services that Ironic is authorized for. Fixed in versions 26.1.6, 29.0.5, 32.0.1, and 35.0.1. CVSS 7.7 with scope change (S:C) reflects the privilege escalation from Ironic-only access to full OpenStack service access.

Information Disclosure Dell
NVD VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-27105 MEDIUM PATCH This Month

Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file write.

Information Disclosure Dell
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-35155 HIGH PATCH This Week

Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contain an Insufficiently Protected Credentials vulnerability. A race condition exists that could allow an authenticated low-privileged attacker to gain elevated access.

Information Disclosure Dell
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-23773 MEDIUM PATCH This Month

Dell Disk Library for Mainframe, DLm 8700/2700, contains a Server-Side Request Forgery (SSRF) vulnerability. A low-privileged attacker with remote access could potentially exploit this vulnerability, leading to server-side request forgery.

SSRF Dell
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-25908 MEDIUM PATCH This Month

Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain an Execution with Unnecessary Privileges vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.

Privilege Escalation Dell
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-32655 MEDIUM PATCH This Month

Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain a Least Privilege Violation vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.

Information Disclosure Dell
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-31593 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved:

KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU

Reject synchronizing vCPU state to its associated VMSA if the vCPU has already been launched, i.e. if the VMSA has already been encrypted. On a host with SNP enabled, accessing guest-private memory generates an RMP #PF and panics the host.

BUG: unable to handle page fault for address: ff1276cbfdf36000
#PF: supervisor write access in kernel mode
#PF: error_code(0x80000003) - RMP violation
PGD 5a31801067 P4D 5a31802067 PUD 40ccfb5063 PMD 40e5954063 PTE 80000040fdf36163
SEV-SNP: PFN 0x40fdf36, RMP entry: [0x6010fffffffff001 - 0x000000000000001f]
Oops: Oops: 0003 [#1] SMP NOPTI
CPU: 33 UID: 0 PID: 996180 Comm: qemu-system-x86 Tainted: G OE
Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Hardware name: Dell Inc. PowerEdge R7625/0H1TJT, BIOS 1.5.8 07/21/2023
RIP: 0010:sev_es_sync_vmsa+0x54/0x4c0 [kvm_amd]
Call Trace:
<TASK>
snp_launch_update_vmsa+0x19d/0x290 [kvm_amd]
snp_launch_finish+0xb6/0x380 [kvm_amd]
sev_mem_enc_ioctl+0x14e/0x720 [kvm_amd]
kvm_arch_vm_ioctl+0x837/0xcf0 [kvm]
kvm_vm_ioctl+0x3fd/0xcc0 [kvm]
__x64_sys_ioctl+0xa3/0x100
x64_sys_call+0xfe0/0x2350
do_syscall_64+0x81/0x10f0
entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7ffff673287d
</TASK>

Note, the KVM flaw has been present since commit ad73109ae7ec ("KVM: SVM: Provide support to launch and run an SEV-ES guest"), but has only been actively dangerous for the host since SNP support was added. With SEV-ES, KVM would "just" clobber guest state, which is totally fine from a host kernel perspective since userspace can clobber guest state any time before sev_launch_update_vmsa().

Information Disclosure Linux Red Hat Dell Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-26354 HIGH PATCH This Week

Stack-based buffer overflow in Dell PowerProtect Data Domain DD OS allows remote unauthenticated attackers to execute arbitrary commands on vulnerable appliances. Affects Feature Release versions 7.7.1.0-8.6, LTS2025 (8.3.1.0-8.3.1.10), and LTS2024 (7.13.1.0-7.13.1.60). Despite a network-accessible, unauthenticated attack vector (AV:N/PR:N), high attack complexity (AC:H) indicates specialized exploit conditions. The CISA SSVC framework rates exploitation as 'none' and automatable as 'no', suggesting manual, targeted exploitation rather than mass scanning. No active exploitation confirmed at time of analysis. Dell has released patches across all affected release tracks (DSA-2026-060).

Buffer Overflow Stack Overflow Dell
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-31508 HIGH PATCH This Week

A use-after-free in the Linux kernel's Open vSwitch module causes a system crash when deleting network interfaces on PREEMPT_RT kernels. The vulnerability is confirmed patched in multiple stable kernel versions (5.10.253, 5.15.203, 6.1.168, 6.6.131, 6.12.80, 6.18.21, 6.19.11, 7.0) with upstream fixes available via kernel.org commits. An EPSS score of 0.02% (7th percentile) indicates very low exploitation likelihood. No active exploitation confirmed (not in CISA KEV). Local authenticated access is required (CVSS AV:L/PR:L) with high impact (CVSS 7.8), but exploitation depends on PREEMPT_RT kernel configuration and specific Open vSwitch teardown race conditions.

Information Disclosure Linux Red Hat Dell Canonical +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-35154 MEDIUM PATCH This Month

Dell PowerProtect Data Domain appliances versions 7.7.1.0-8.7.0.0, LTS2025 8.3.1.0-8.3.1.20, and LTS2024 7.13.1.0-7.13.1.60 contain an improper privilege management vulnerability in iDRAC that allows a high-privileged local attacker with user interaction to elevate privileges and perform unauthorized delete operations. The vulnerability requires high privileges and local access combined with user interaction, limiting real-world attack surface primarily to insider threats or physical facility access scenarios.

Privilege Escalation Dell
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-26951 MEDIUM PATCH This Month

Stack-based buffer overflow in Dell PowerProtect Data Domain versions 7.7.1.0-8.6, LTS2025 8.3.1.0-8.3.1.20, and LTS2024 7.13.1.0-7.13.1.60 allows high-privileged local attackers to execute arbitrary commands as root. The vulnerability requires local access and elevated privileges, limiting exposure to insider threats or compromised administrative accounts rather than remote attackers. No public exploit has been identified at time of analysis.

Buffer Overflow Stack Overflow Dell
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-22761 MEDIUM PATCH This Month

Dell PowerProtect Data Domain versions 8.5 through 8.6 contain a local command injection vulnerability (CWE-78) allowing high-privileged remote attackers to execute arbitrary commands with root privileges. The attack requires local access and elevated privileges (CVSS PR:H) but results in complete system compromise through unauthenticated code execution. No public exploit code has been identified, and CVSS 6.7 reflects the significant privilege barrier despite high impact.

Command Injection Dell
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-26942 MEDIUM PATCH This Month

OS command injection in Dell PowerProtect Data Domain versions 8.5 through 8.6 allows high-privileged remote attackers to execute arbitrary commands with root privileges by exploiting improper neutralization of special elements in OS command processing. This vulnerability requires high privilege level access but, once exploited, grants full system compromise. No active exploitation or public exploit code has been identified at time of analysis, but vendor has released patches addressing the issue.

Command Injection Dell
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-26943 HIGH PATCH This Week

OS command injection in Dell PowerProtect Data Domain allows authenticated administrative users with network access to execute arbitrary commands with root privileges. Affects multiple release branches (7.7.1.0-8.6, LTS2025 8.3.1.0-8.3.1.20, LTS2024 7.13.1.0-7.13.1.60). Dell released patches across all affected branches (8.6.1.10, 7.13.1.70, 8.3.1.30). EPSS data unavailable; no KEV listing or public exploit identified at time of analysis. While CVSS 7.2 reflects high impact, exploitation requires pre-existing high-privilege administrative credentials, significantly limiting real-world attack surface to insider threats or credential compromise scenarios.

Command Injection Dell
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-24506 HIGH PATCH This Week

OS command injection in Dell PowerProtect Data Domain versions 7.7.1.0-8.6, LTS2025 8.3.1.0-8.3.1.20, and LTS2024 7.13.1.0-7.13.1.60 allows high-privileged remote attackers to execute arbitrary commands as root. Network-accessible exploitation requires existing administrative credentials but minimal attack complexity (CVSS:3.1/AV:N/AC:L/PR:H). No active exploitation confirmed (not in CISA KEV). Vendor patch available per DSA-2026-060, addressing CWE-78 command injection weakness in multiple product streams including LTS releases.

Command Injection Dell
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-26944 HIGH PATCH This Week

Missing authentication in Dell PowerProtect Data Domain 7.7.1.0-8.6 and LTS releases allows remote unauthenticated attackers to execute arbitrary commands with root privileges when combined with user interaction. Affects enterprise backup appliances across multiple release branches including LTS2025 (8.3.1.0-8.3.1.20) and LTS2024 (7.13.1.0-7.13.1.60). CVSS 8.8 with network vector, but requires user interaction (UI:R), reducing immediate automation risk. No EPSS or KEV data available at time of analysis, indicating the vulnerability is newly disclosed. Dell security advisory DSA-2026-060 confirms patch availability.

Authentication Bypass Dell
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-23774 HIGH PATCH This Week

OS command injection in Dell PowerProtect Data Domain allows remote high-privileged attackers to execute arbitrary commands on DD OS versions 7.7.1.0-8.5, LTS2025 8.3.1.0-8.3.1.10, and LTS2024 7.13.1.0-7.13.1.40. Dell published DSA-2026-060 addressing this CWE-78 flaw with CVSS 7.2 (high impact on confidentiality, integrity, availability). No public exploit identified at time of analysis. Post-authentication requirement (PR:H) reduces immediate risk for environments with strong privileged access controls, but network attack vector (AV:N) enables remote exploitation once administrative credentials are obtained.

Command Injection Dell
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-24505 HIGH PATCH This Week

Arbitrary command execution with root privileges in Dell PowerProtect Data Domain versions 8.5 through 8.6 allows high-privileged remote attackers to escalate from administrative access to full system control via improper input validation. Dell has released patches (versions 2.7.9 with DD OS 8.3.1.30, and 8.6.1.10+) per DSA-2026-060. EPSS data not available, not listed in CISA KEV, suggesting targeted risk rather than widespread exploitation. The network attack vector (AV:N) combined with high privilege requirement (PR:H) indicates this is an admin-to-root escalation vulnerability rather than initial access.

Information Disclosure Dell
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-24504 HIGH PATCH This Week

Root-level command injection in Dell PowerProtect Data Domain versions 7.7.1.0-8.6, 8.3.1.0-8.3.1.20 (LTS2025), and 7.13.1.0-7.13.1.60 (LTS2024) allows high-privileged remote attackers to execute arbitrary commands as root through improper input validation. Vendor patch available via DSA-2026-060. EPSS and KEV data not provided; CVSS 7.2 reflects high impact but requires existing high-level authentication, limiting real-world exploitation to scenarios where admin credentials are already compromised or insider threats exist.

Information Disclosure Dell
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-23777 MEDIUM PATCH This Month

Dell PowerProtect Data Domain (DD OS) versions 7.7.1.0-8.5, 8.3.1.0-8.3.1.20 (LTS2025), and 7.13.1.0-7.13.1.50 (LTS2024) leak sensitive information to low-privileged remote attackers. An authenticated user with minimal privileges can access confidential data without authorization, resulting in information disclosure with a CVSS score of 4.3. No active exploitation reported, but the low attack complexity and remote network vector make this a practical vulnerability for attackers within administrative networks.

Information Disclosure Dell
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-28263 MEDIUM PATCH This Month

Dell PowerProtect Data Domain contains a reflected cross-site scripting (XSS) vulnerability affecting DD OS Feature Release versions 7.7.1.0-8.5, LTS2025 versions 8.3.1.0-8.3.1.20, and LTS2024 versions 7.13.1.0-7.13.1.50. A high-privileged remote attacker can inject malicious scripts into the web interface via crafted requests; if a victim administrator views the malicious link, the script executes in their browser context, potentially leading to credential theft, session hijacking, or unauthorized administrative actions. CVSS 5.9 reflects the requirement for high privileges and user interaction, though the wide version range and network accessibility indicate broad exposure across deployed instances.

XSS Dell
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-46606 MEDIUM PATCH This Month

Dell PowerProtect Data Domain DD OS versions 8.4 through 8.5 fail to enforce rate limiting on authentication attempts, allowing high-privileged remote attackers to conduct brute-force attacks against administrative credentials without account lockout or delays. This authentication bypass vulnerability enables unauthorized access to backup infrastructure systems that manage critical data protection workflows, with CVSS 6.2 reflecting the requirement for already-elevated privileges and high attack complexity.

Authentication Bypass Dell
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-46605 MEDIUM PATCH This Month

Dell PowerProtect Data Domain DD OS versions 8.4-8.5 contain a session fixation vulnerability allowing high-privileged remote attackers to hijack authenticated sessions and gain unauthorized access without requiring user interaction. CVSS 6.2 reflects the high-complexity attack surface (AC:H) offset by elevated attacker privileges (PR:H) and direct confidentiality/integrity impact; no public exploit or active exploitation has been identified at time of analysis.

Authentication Bypass Session Fixation Dell
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-46641 MEDIUM PATCH This Month

Dell PowerProtect Data Domain versions 8.4 through 8.5 contain an improper authentication vulnerability allowing high-privileged remote attackers to bypass authentication and gain unauthorized access to the system. CVSS 6.6 (high complexity, high privileges required) reflects the need for elevated attacker credentials but significant confidentiality, integrity, and availability impact. No public exploit code or active exploitation has been identified at time of analysis.

Authentication Bypass Dell
NVD VulDB
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-46607 MEDIUM PATCH This Month

Dell PowerProtect Data Domain versions 8.4 through 8.5 contain an improper authentication vulnerability (CWE-287) allowing high-privileged remote attackers to bypass authentication controls and gain unauthorized access to protected systems. The vulnerability requires high privilege level and high attack complexity but enables confidentiality, integrity, and availability impact if successfully exploited. No active exploitation in CISA KEV confirmed at time of analysis.

Authentication Bypass Dell
NVD VulDB
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-35073 MEDIUM PATCH This Month

Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7.0.0 and specific LTS releases (8.3.1.0-8.3.1.20, 7.13.1.0-7.13.1.60) contain an OS command injection vulnerability (CWE-78) that allows high-privileged local attackers to execute arbitrary commands with root privileges. The vulnerability stems from improper neutralization of special elements in OS commands, with a CVSS score of 6.7 reflecting high confidentiality, integrity, and availability impact but constrained by local access and high privilege requirements.

Command Injection Dell
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-35074 MEDIUM PATCH This Month

Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7.0.0, LTS2025 releases 8.3.1.0-8.3.1.20, and LTS2024 releases 7.13.1.0-7.13.1.60 allow local high-privileged attackers to execute arbitrary OS commands with root privileges via improper neutralization of special elements in command construction (OS command injection). No public exploit code or active exploitation has been identified at the time of analysis, but the vulnerability affects critical backup and disaster recovery infrastructure with direct root access potential.

Command Injection Dell
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-35072 MEDIUM PATCH This Month

Dell PowerProtect Data Domain versions 7.7.1.0-8.7.0.0, LTS2025 8.3.1.0-8.3.1.20, and LTS2024 7.13.1.0-7.13.1.60 allow OS command injection via improper neutralization of special elements in OS commands. A high-privileged local attacker can execute arbitrary commands with root privileges by exploiting this vulnerability, enabling complete system compromise.

Command Injection Dell
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-35153 MEDIUM PATCH This Month

Dell PowerProtect Data Domain versions 7.7.1.0-8.7.0.0, LTS2025 8.3.1.0-8.3.1.20, and LTS2024 7.13.1.0-7.13.1.60 are vulnerable to argument injection in command processing, allowing high-privileged local attackers to execute arbitrary commands as root. Exploitation requires administrative-level access and local system presence, limiting real-world exposure to insider threats or post-compromise scenarios. No public exploit code or active exploitation has been identified at the time of analysis.

Code Injection Dell
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-23779 MEDIUM PATCH This Month

Command injection in Dell PowerProtect Data Domain allows high-privileged local attackers to execute arbitrary commands and gain root-level access across Feature Release versions 7.7.1.0-8.5, LTS2025 versions 8.3.1.0-8.3.1.20, and LTS2024 versions 7.13.1.0-7.13.1.50. The vulnerability requires local access and elevated privileges (PR:H), limiting exploitation scope to authenticated administrative users with shell or console access. No public exploit or active exploitation has been identified at the time of analysis.

Command Injection Dell
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-23776 HIGH PATCH This Week

Improper certificate validation in Dell PowerProtect Data Domain DD OS 7.7.1.0-8.5, 8.3.1.0-8.3.1.20 (LTS2025), and 7.13.1.0-7.13.1.60 (LTS2024) allows authenticated administrators with remote access to escalate privileges through certificate-based login exploitation. CVSS 7.2 (High) reflects network-based attack with low complexity, though requiring high-privilege credentials (PR:H). EPSS score of 0.02% (6th percentile) indicates very low probability of near-term exploitation. No active exploitation confirmed (not in CISA KEV) and no public exploit identified at time of analysis.

Information Disclosure Dell
NVD VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-23778 HIGH PATCH This Week

Command injection in Dell PowerProtect Data Domain DD OS versions 7.7.1.0-8.5 (Feature), 8.3.1.0-8.3.1.20 (LTS2025), and 7.13.1.0-7.13.1.50 (LTS2024) enables authenticated administrators with remote access to execute arbitrary commands as root. Dell DSA-2026-060 confirms patches in DD OS 8.6.0.0, 8.3.1.30, and 7.13.1.50. EPSS score of 0.05% (15th percentile) suggests low widespread exploitation risk despite the network attack vector; no public exploit identified. CVSS 7.2 reflects the high-privilege requirement, limiting the attack surface to compromised admin accounts or insider threats.

Command Injection Dell
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-23775 HIGH PATCH This Week

Dell PowerProtect Data Domain appliances log sensitive credentials when retention lock is enabled, allowing low-privileged remote attackers to harvest authentication data from log files. Affects DD OS 8.0-8.5 and LTS2025 8.3.1.0-8.3.1.10. Exploitation requires existing low-privileged access plus user interaction from a high-privileged administrator to authorize subsequent authentication attempts. EPSS score of 0.01% and SSVC assessment (non-automatable, partial impact) indicate low probability of widespread exploitation. Vendor patch available per Dell DSA-2026-060.

Information Disclosure Dell
NVD VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-36568 HIGH PATCH This Week

Insufficiently protected credential storage in Dell PowerProtect Data Domain BoostFS client allows local attackers with low privileges to extract stored credentials via local file access under specific race conditions (AC:H). Scope change (S:C) indicates compromised credentials grant access beyond the BoostFS client component itself, potentially to connected Data Domain systems. Dell has released patches for all affected branches (Feature Release 7.7.1.0-8.5, LTS2025 8.3.1.0-8.3.1.20, LTS2024 7.13.1.0-7.13.1.50). EPSS score of 0.01% suggests minimal observed exploitation interest, no CISA KEV listing, and no public POC identified at time of analysis.

Information Disclosure Dell
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23853 HIGH PATCH This Week

Local attackers can gain full system access to Dell PowerProtect Data Domain storage systems without authentication due to weak default credentials in DD OS versions 7.7.1.0-8.5, 8.3.1.0-8.3.1.20, and 7.13.1.0-7.13.1.50. The vulnerability allows complete system compromise (CVSS 8.4) with high confidentiality, integrity, and availability impact despite requiring local access. No active exploitation confirmed (EPSS 0.01%, not in CISA KEV), and Dell has released patches across all affected release branches. SSVC framework rates this as total technical impact but non-automatable and not currently exploited.

Authentication Bypass Dell
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-43937 MEDIUM PATCH This Month

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Information Disclosure Dell
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-43935 MEDIUM PATCH This Month

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.

Denial Of Service Dell
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-43883 MEDIUM PATCH This Month

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.

Denial Of Service Dell
NVD VulDB
CVSS 3.1
4.1
EPSS
0.0%
CVE-2025-36579 MEDIUM PATCH This Month

Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leading to unauthorized access.

Authentication Bypass Dell
NVD VulDB
CVSS 3.1
5.1
EPSS
0.0%
CVE-2026-23772 HIGH PATCH This Week

Local privilege escalation in Dell Storage Manager - Replay Manager for Microsoft Servers 8.0 allows low-privileged authenticated users to gain elevated privileges with high integrity and availability impact. Dell has released security advisory DSA-2026-058 with patches. The CVSS 7.3 (High) score reflects significant post-exploitation impact, though local access and existing authentication requirements limit initial attack surface. No active exploitation (CISA KEV) or public proof-of-concept code identified at time of analysis.

Privilege Escalation Microsoft Dell
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-28261 HIGH PATCH This Week

Local privilege escalation in Dell Elastic Cloud Storage (≤3.8.1.7) and ObjectScale (<4.1.0.3, =4.2.0.0) allows authenticated users with low privileges to extract credentials from log files and escalate to compromised account privileges. CVSS 7.8 (High). No public exploit identified at time of analysis. EPSS data not available, but local access requirement and low attack complexity suggest moderate exploitation likelihood in multi-tenant or shared administrative environments.

Information Disclosure Dell Elastic
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24511 MEDIUM PATCH This Month

Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.6 and 9.11.0.0 through 9.13.0.0 disclose sensitive information through error messages accessible to high-privileged local attackers. The vulnerability stems from improper error handling (CWE-209) that exposes confidential data in system responses, requiring local access and administrative privileges to exploit. With a CVSS score of 4.4 reflecting high confidentiality impact but low attack complexity and no public exploit identified at time of analysis, this represents a moderate risk primarily to organizations where insider threats or compromised admin accounts pose concerns.

Information Disclosure Dell
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-27102 MEDIUM PATCH This Month

Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.6 and 9.11.0.0 through 9.13.0.1 contain an incorrect privilege assignment vulnerability allowing local authenticated attackers to escalate privileges with low complexity, potentially achieving partial confidentiality and integrity compromise alongside high availability impact. No public exploit code or active exploitation has been identified at the time of analysis, though the local attack vector and straightforward exploitation path (AC:L) indicate moderate real-world risk for environments where local access controls are weak.

Information Disclosure Dell
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-28264 LOW PATCH Monitor

Dell PowerProtect Agent prior to version 20.1 allows low-privileged local attackers to read sensitive information through incorrect permission assignment on critical resources. The vulnerability requires local access and existing user privileges but can expose confidential data without requiring user interaction or elevated permissions.

Information Disclosure Dell
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-22768 HIGH PATCH This Week

Incorrect permission assignment in Dell AppSync 4.6.0 enables local privilege escalation to high-impact system access. Authenticated attackers with low-privilege local access can exploit misconfigured resource permissions to elevate privileges, achieving full confidentiality, integrity, and availability compromise. No public exploit identified at time of analysis. Dell has released security advisory DSA-2026-163 addressing this vulnerability. EPSS data unavailable; CVSS 7.3 reflects significant local threat requiring user interaction.

Information Disclosure Dell
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-22767 HIGH PATCH This Week

UNIX symbolic link following in Dell AppSync 4.6.0 allows local authenticated attackers with low privileges to tamper with information and potentially escalate impact to high integrity and availability compromise. CVSS 7.3 (High) with low attack complexity. No public exploit identified at time of analysis. EPSS data not available, but local-only access requirement significantly reduces real-world attack surface compared to remotely exploitable vulnerabilities.

Information Disclosure Dell
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-27101 MEDIUM PATCH This Month

Path traversal vulnerability in Dell Secure Connect Gateway (SCG) versions 5.28.00.xx through 5.32.00.xx allows high-privileged attackers on the management network to bypass directory restrictions and achieve remote code execution. With a CVSS score of 4.7 and requiring high privilege level access, this vulnerability poses moderate risk to organizations running vulnerable SCG versions but is limited by the need for administrative-level attacker access within the management network. No public exploit code or active exploitation has been confirmed at time of analysis.

Path Traversal Dell
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2026-23370 MEDIUM PATCH This Month

A credential disclosure vulnerability exists in the Linux kernel's Dell WMI System Management (dell-wmi-sysman) module where the set_new_password() function performs hex dumps of memory buffers containing plaintext password data, including both current and new passwords. This affects all Linux kernel versions with the vulnerable dell-wmi-sysman driver, allowing local attackers with access to kernel logs or debug output to extract sensitive authentication credentials. While no CVSS score, EPSS probability, or active KEV status is currently assigned, the patch availability across six stable kernel branches indicates the vulnerability has been formally addressed by the Linux kernel maintainers.

Information Disclosure Linux Red Hat Dell
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-33554 HIGH PATCH This Week

FreeIPMI versions before 1.16.17 contain exploitable buffer overflow vulnerabilities in the ipmi-oem command's response message handling for three vendor-specific subcommands: Dell's get-last-post-code, Supermicro's extra-firmware-info, and Wistron's read-proprietary-string. An attacker who can intercept or control IPMI server responses could trigger these buffer overflows to achieve arbitrary code execution on systems running vulnerable versions of FreeIPMI. No CVSS score, EPSS data, or public exploitation confirmation is currently available, but the vulnerabilities are documented in Savannah bug reports with clear technical details.

Buffer Overflow Stack Overflow Dell
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-26948 MEDIUM PATCH This Month

Dell Integrated Dell Remote Access Controller (iDRAC) versions 9, 14G (prior to 7.00.00.174), 15G, and 16G (prior to 7.10.90.00) contain an exposure of sensitive system information vulnerability caused by uncleared debug information in memory or logs. A remote attacker with high privileges can exploit this to disclose confidential system details without modifying or disrupting service availability. While the CVSS score is moderate at 4.9 due to high privilege requirements, the confidentiality impact is rated high, making this relevant for organizations where insider threats or compromised administrator accounts are a concern.

Information Disclosure Dell Integrated Dell Remote Access Controller
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-26945 MEDIUM PATCH This Month

A Process Control vulnerability (CWE-114) exists in Dell Integrated Dell Remote Access Controller (iDRAC) across multiple generations that allows a high-privileged attacker with adjacent network access to achieve code execution. Affected versions include iDRAC 9 (14G prior to 7.00.00.181, 15G and 16G prior to 7.20.10.50) and iDRAC 10 (17G prior to 1.20.25.00). While the CVSS score of 5.3 is moderate, the integrity impact is rated high and remote code execution capability presents significant risk to out-of-band management infrastructure.

RCE Dell Integrated Dell Remote Access Controller
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-23862 HIGH PATCH This Week

Dell ThinOS 10 versions before 2602_10.0573 contain a command injection flaw that allows local attackers with low privileges to execute arbitrary commands and escalate their access rights. The vulnerability stems from improper sanitization of special elements in user-supplied input, requiring only local access and no user interaction to exploit. No patch is currently available.

Command Injection Dell
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24510 MEDIUM This Month

Dell Alienware Command Center versions before 6.12.24.0 suffer from improper privilege management that allows local attackers with low privileges to escalate their access on affected systems. An attacker with physical or local system access combined with user interaction could gain elevated privileges, potentially compromising system integrity and confidentiality. No patch is currently available for this vulnerability.

Privilege Escalation Dell
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-26949 MEDIUM This Month

Dell Device Management Agent versions before 26.02 suffer from an authorization bypass that allows local attackers with low privileges to escalate their access on affected systems. The vulnerability stems from improper privilege validation and requires only local access with no user interaction to exploit. No patch is currently available for this issue.

Authentication Bypass Dell Device Management Agent
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-22285 MEDIUM This Month

Dell Device Management Agent versions before 26.02 store passwords in plaintext, allowing high-privileged local attackers to gain unauthorized access to sensitive systems. The vulnerability requires administrative-level access and local presence but poses a confidentiality risk to affected deployments. No patch is currently available.

Authentication Bypass Dell Device Management Agent
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-21425 MEDIUM This Month

Privilege escalation in Dell PowerScale OneFS versions before 9.10.1.6 and 9.11.0.0 through 9.12.0.1 stems from incorrect privilege assignment that allows local attackers with low privileges to gain elevated access. An attacker with local system access and user interaction can exploit this vulnerability to achieve complete system compromise through unauthorized privilege elevation.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-21424 MEDIUM This Month

Dell PowerScale OneFS versions up to 9.10.1.6 are affected by execution with unnecessary privileges (CVSS 6.7).

Privilege Escalation Dell Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-21422 LOW Monitor

Dell PowerScale OneFS, versions 9.10.0.0 through 9.10.1.5 and versions 9.11.0.0 through 9.12.0.1, contains an external control of system or configuration setting vulnerability. [CVSS 3.4 LOW]

Authentication Bypass Dell
NVD VulDB
CVSS 3.1
3.4
EPSS
0.0%
CVE-2026-21421 MEDIUM This Month

Dell PowerScale OneFS versions up to 9.10.1.6 are affected by execution with unnecessary privileges (CVSS 6.7).

Privilege Escalation Dell Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-25906 HIGH This Week

Dell Optimizer versions up to 6.3.1 are affected by improper link resolution before file access (CVSS 7.3).

Path Traversal Dell Optimizer
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-24502 HIGH This Week

Dell Command | Intel vPro Out of Band versions up to 4.7.0 are affected by an uncontrolled search path element (CVSS 8.8).

Privilege Escalation Dell
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-23859 LOW PATCH Monitor

Dell Wyse Management Suite, versions prior to WMS 5.5, contains a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to bypass a protection mechanism. [CVSS 2.7 LOW]

Authentication Bypass Dell
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-22766 HIGH PATCH This Week

Remote code execution in Dell Wyse Management Suite versions before 5.5 via unrestricted file upload allows high-privileged attackers with network access to execute arbitrary commands on affected systems. The vulnerability stems from insufficient validation of uploaded file types, enabling attackers to bypass security controls and gain code execution. A patch is available for affected organizations to remediate this risk.

Dell File Upload Wyse Management Suite
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2026-22765 HIGH This Week

Dell Wyse Management Suite versions prior to 5.5 suffer from improper access controls that allow authenticated remote attackers to escalate their privileges. An attacker with low-level credentials can bypass authorization checks to gain high-privilege access to the system, potentially compromising confidentiality, integrity, and availability. No patch is currently available for this vulnerability.

Authentication Bypass Dell Wyse Management Suite
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-22267 HIGH This Week

Dell PowerProtect Data Manager versions prior to 19.22 contain an incorrect privilege assignment flaw that allows remote attackers with low-level credentials to escalate their privileges on affected systems. The vulnerability requires network access and valid authentication but no user interaction, making it exploitable by insiders or attackers who have obtained legitimate credentials. No patch is currently available.

Information Disclosure Dell Powerprotect Data Manager
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-22266 MEDIUM This Month

Dell PowerProtect Data Manager versions prior to 19.22 contain improper verification of communication channels in the REST API, allowing high-privileged remote attackers to bypass security protections. The vulnerability requires administrative credentials but carries no patch availability, creating ongoing risk for affected deployments.

Authentication Bypass Dell Powerprotect Data Manager
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-26360 HIGH This Week

Dell Unisphere for PowerMax version 10.2 suffers from a path traversal vulnerability (CWE-73) that allows authenticated remote attackers to delete arbitrary files on affected systems. An attacker with low-level privileges can exploit this flaw without user interaction to achieve denial of service or system compromise. No patch is currently available for this high-severity issue (CVSS 8.1).

Information Disclosure Dell Unisphere For Powermax
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-26359 HIGH This Week

Dell Unisphere for PowerMax 10.2 contains a path traversal vulnerability that allows authenticated remote attackers to overwrite arbitrary files on the system. This HIGH severity flaw (CVSS 8.8) requires only low privileges and network access to exploit, potentially enabling complete system compromise. No patch is currently available for this vulnerability.

Information Disclosure Dell Unisphere For Powermax
NVD
CVSS 3.1
8.8
EPSS
0.1%
EPSS 0%
PATCH Awaiting Data

In the Linux kernel, the following vulnerability has been resolved: ceph: only d_add() negative dentries when they are unhashed

Ceph can call d_add(dentry, NULL) on a negative dentry that is already present in the primary dcache hash. In the current VFS that is not safe. d_add() goes through __d_add() to __d_rehash(), which unconditionally reinserts dentry->d_hash into the hlist_bl bucket. If the dentry is already hashed, reinserting the same node can corrupt the bucket, including creating a self-loop. Once that happens, __d_lookup() can spin forever in the hlist_bl walk, typically looping only on the d_name.hash mismatch check and eventually triggering RCU stall reports like this one:

rcu: INFO: rcu_sched self-detected stall on CPU
rcu: 87-....: (2100 ticks this GP) idle=3a4c/1/0x4000000000000000 softirq=25003319/25003319 fqs=829
rcu: (t=2101 jiffies g=79058445 q=698988 ncpus=192)
CPU: 87 UID: 2952868916 PID: 3933303 Comm: php-cgi8.3 Not tainted 6.18.17-i1-amd #950 NONE
Hardware name: Dell Inc. PowerEdge R7615/0G9DHV, BIOS 1.6.6 09/22/2023
RIP: 0010:__d_lookup+0x46/0xb0
Code: c1 e8 07 48 8d 04 c2 48 8b 00 49 89 fc 49 89 f5 48 89 c3 48 83 e3 fe 48 83 f8 01 77 0f eb 2d 0f 1f 44 00 00 48 8b 1b 48 85 db <74> 20 39 6b 18 75 f3 48 8d 7b 78 e8 ba 85 d0 00 4c 39 63 10 74 1f
RSP: 0018:ff745a70c8253898 EFLAGS: 00000282
RAX: ff26e470054cb208 RBX: ff26e470054cb208 RCX: 000000006e958966
RDX: ff26e48267340000 RSI: ff745a70c82539b0 RDI: ff26e458f74655c0
RBP: 000000006e958966 R08: 0000000000000180 R09: 9cd08d909b919a89
R10: ff26e458f74655c0 R11: 0000000000000000 R12: ff26e458f74655c0
R13: ff745a70c82539b0 R14: d0d0d0d0d0d0d0d0 R15: 2f2f2f2f2f2f2f2f
FS: 00007f5770896980(0000) GS:ff26e482c5d88000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5764de50c0 CR3: 000000a72abb5001 CR4: 0000000000771ef0
PKRU: 55555554
Call Trace:
<TASK>
lookup_fast+0x9f/0x100
walk_component+0x1f/0x150
link_path_walk+0x20e/0x3d0
path_lookupat+0x68/0x180
filename_lookup+0xdc/0x1e0
vfs_statx+0x6c/0x140
vfs_fstatat+0x67/0xa0
__do_sys_newfstatat+0x24/0x60
do_syscall_64+0x6a/0x230
entry_SYSCALL_64_after_hwframe+0x76/0x7e

This is reachable with reused cached negative dentries. A Ceph lookup or atomic_open can be handed a negative dentry that is already hashed, and fs/ceph/dir.c then hits one of two paths that incorrectly assume "negative" also means "unhashed":

- ceph_finish_lookup(): MDS reply is -ENOENT with no trace -> d_add(dentry, NULL)
- ceph_lookup(): local ENOENT fast path for a complete directory with shared caps -> d_add(dentry, NULL)

Both paths can therefore re-add an already-hashed negative dentry. Ceph already uses the correct pattern elsewhere: ceph_fill_trace() only calls d_add(dn, NULL) for a negative null-dentry reply when d_unhashed(dn) is true.

Fix both fs/ceph/dir.c sites the same way: only call d_add() for a negative dentry when it is actually unhashed. If the negative dentry is already hashed, leave it in place and reuse it as-is. This preserves the existing behavior for unhashed dentries while avoiding d_hash list corruption for reused hashed negatives.

Information Disclosure Linux Dell +1
NVD
EPSS 0%
Awaiting Data

In the Linux kernel, the following vulnerability has been resolved: bonding: alb: fix UAF in rlb_arp_recv during bond up/down

The ALB RX path may access rx_hashtbl concurrently with bond teardown. During rapid bond up/down cycles, rlb_deinitialize() frees rx_hashtbl while RX handlers are still running, leading to a null pointer dereference detected by KASAN. However, the root cause is that rlb_arp_recv() can still be accessed after setting recv_probe to NULL, which is actually a use-after-free (UAF) issue. That is the reason for using the referenced commit in the Fixes tag.

[ 214.174138] Oops: general protection fault, probably for non-canonical address 0xdffffc000000001d: 0000 [#1] SMP KASAN PTI
[ 214.186478] KASAN: null-ptr-deref in range [0x00000000000000e8-0x00000000000000ef]
[ 214.194933] CPU: 30 UID: 0 PID: 2375 Comm: ping Kdump: loaded Not tainted 6.19.0-rc8+ #2 PREEMPT(voluntary)
[ 214.205907] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.14.0 01/14/2022
[ 214.214357] RIP: 0010:rlb_arp_recv+0x505/0xab0 [bonding]
[ 214.220320] Code: 0f 85 2b 05 00 00 48 b8 00 00 00 00 00 fc ff df 40 0f b6 ed 48 c1 e5 06 49 03 ad 78 01 00 00 48 8d 7d 28 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 06 0f 8e 12 05 00 00 80 7d 28 00 0f 84 8c 00
[ 214.241280] RSP: 0018:ffffc900073d8870 EFLAGS: 00010206
[ 214.247116] RAX: dffffc0000000000 RBX: ffff888168556822 RCX: ffff88816855681e
[ 214.255082] RDX: 000000000000001d RSI: dffffc0000000000 RDI: 00000000000000e8
[ 214.263048] RBP: 00000000000000c0 R08: 0000000000000002 R09: ffffed11192021c8
[ 214.271013] R10: ffff8888c9010e43 R11: 0000000000000001 R12: 1ffff92000e7b119
[ 214.278978] R13: ffff8888c9010e00 R14: ffff888168556822 R15: ffff888168556810
[ 214.286943] FS: 00007f85d2d9cb80(0000) GS:ffff88886ccb3000(0000) knlGS:0000000000000000
[ 214.295966] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 214.302380] CR2: 00007f0d047b5e34 CR3: 00000008a1c2e002 CR4: 00000000001726f0
[ 214.310347] Call Trace:
[ 214.313070] <IRQ>
[ 214.315318] ? __pfx_rlb_arp_recv+0x10/0x10 [bonding]
[ 214.320975] bond_handle_frame+0x166/0xb60 [bonding]
[ 214.326537] ? __pfx_bond_handle_frame+0x10/0x10 [bonding]
[ 214.332680] __netif_receive_skb_core.constprop.0+0x576/0x2710
[ 214.339199] ? __pfx_arp_process+0x10/0x10
[ 214.343775] ? sched_balance_find_src_group+0x98/0x630
[ 214.349513] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[ 214.356513] ? arp_rcv+0x307/0x690
[ 214.360311] ? __pfx_arp_rcv+0x10/0x10
[ 214.364499] ? __lock_acquire+0x58c/0xbd0
[ 214.368975] __netif_receive_skb_one_core+0xae/0x1b0
[ 214.374518] ? __pfx___netif_receive_skb_one_core+0x10/0x10
[ 214.380743] ? lock_acquire+0x10b/0x140
[ 214.385026] process_backlog+0x3f1/0x13a0
[ 214.389502] ? process_backlog+0x3aa/0x13a0
[ 214.394174] __napi_poll.constprop.0+0x9f/0x370
[ 214.399233] net_rx_action+0x8c1/0xe60
[ 214.403423] ? __pfx_net_rx_action+0x10/0x10
[ 214.408193] ? lock_acquire.part.0+0xbd/0x260
[ 214.413058] ? sched_clock_cpu+0x6c/0x540
[ 214.417540] ? mark_held_locks+0x40/0x70
[ 214.421920] handle_softirqs+0x1fd/0x860
[ 214.426302] ? __pfx_handle_softirqs+0x10/0x10
[ 214.431264] ? __neigh_event_send+0x2d6/0xf50
[ 214.436131] do_softirq+0xb1/0xf0
[ 214.439830] </IRQ>

The issue is reproducible by repeatedly running ip link set bond0 up/down while receiving ARP messages, where rlb_arp_recv() can race with rlb_deinitialize() and dereference a freed rx_hashtbl entry.

Fix this by setting recv_probe to NULL and then calling synchronize_net() to wait for any concurrent RX processing to finish. This ensures that no RX handler can access rx_hashtbl after it is freed in bond_alb_deinitialize().

Denial Of Service Linux Dell +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Dell PowerFlex Manager versions 4.6.2 and earlier improperly store sensitive information in a manner accessible to low-privileged local users, resulting in unauthorized disclosure of confidential data with high confidentiality impact per CVSS. Affected deployments span both the Appliance and Rack form factors of the platform. No public exploit code has been identified at time of analysis and CISA KEV does not list this vulnerability, though the CWE-922 root cause and the 'Authentication Bypass' tag suggest the exposed data may include credentials or tokens that could enable downstream privilege escalation or lateral movement.

Authentication Bypass Dell Powerflex Manager +2
NVD
EPSS 0% CVSS 3.6
LOW PATCH Monitor

Broken or risky cryptographic algorithm use in Dell PowerFlex Manager's SSH component (versions ≤4.6.2) allows a locally authenticated low-privileged attacker to bypass SSH protection mechanisms, affecting both Appliance and Rack form factors. The CVSS vector (AV:L/AC:H/PR:L) reflects significant exploitation barriers: physical or logical local access is required, attack complexity is high, and impact is limited to partial confidentiality and integrity loss with no availability impact. Dell has published dual advisories (DSA-2025-434 for Appliance, DSA-2025-435 for Rack); no public exploit or CISA KEV listing exists at time of analysis.

Authentication Bypass Dell Powerflex Manager +2
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Open redirect vulnerability in Dell PowerFlex Manager 4.6.2 and prior enables unauthenticated remote attackers to craft malicious application URLs that silently redirect targeted users to arbitrary attacker-controlled web destinations. Exploitation requires user interaction (CVSS UI:R) - a victim must follow a specially crafted link - but no authentication or special privileges are needed on the attacker's side. The primary risk is phishing: because the initial URL appears to point at a legitimate Dell infrastructure management portal, users are more likely to trust and follow it, making credential theft or sensitive data disclosure against PowerFlex administrators a realistic outcome. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog at time of analysis.

Open Redirect Dell Powerflex Manager +2
NVD
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

Improper certificate validation in Dell PowerFlex Manager version 4.6.2 and earlier allows an unauthenticated attacker on an adjacent network to intercept and tamper with protected communications. The flaw (CWE-295) means the product fails to adequately verify peer certificates during TLS/SSL exchanges, enabling a man-in-the-middle position to read or modify in-transit management data. No active exploitation is confirmed (not listed in CISA KEV), and no public exploit code has been identified at time of analysis.

Information Disclosure Dell Powerflex Manager +2
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Insecure storage of sensitive information in Dell PowerFlex Manager versions up to and including 4.6.2 exposes credentials, keys, or configuration secrets to any attacker with local OS-level access to the appliance - no PowerFlex Manager authentication required. The CVSS vector (AV:L/AC:L/PR:N/UI:N) confirms the attacker needs only local system access, not application credentials, to retrieve the improperly protected data. No public exploit has been identified at time of analysis and there is no CISA KEV listing; however, the 'Authentication Bypass' tag in the intelligence data suggests the exposed sensitive material may itself enable downstream privilege escalation or authentication bypass against PowerFlex or its managed infrastructure.

Authentication Bypass Dell Powerflex Manager +2
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Incorrect Privilege Assignment in Dell PowerFlex Manager version 4.6.2 and earlier (both Appliance and Rack form factors) allows a low-privileged local attacker to escalate their privileges, with low impact on each of confidentiality, integrity, and availability (CVSS 5.3 Medium, CWE-266). Dell has published dual advisories (DSA-2025-434 and DSA-2025-435) addressing the Appliance and Rack variants respectively. No public exploit code and no active exploitation have been identified at time of analysis.

Information Disclosure Dell Powerflex Manager +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Directory listing exposure in Dell PowerFlex Manager versions 4.6.2 and earlier allows an attacker to enumerate directory contents, potentially revealing sensitive files, configuration data, or internal path structures. Both the Appliance and Rack deployment forms are confirmed affected per Dell advisories DSA-2025-434 and DSA-2025-435. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog, but the combination of Information Disclosure and Privilege Escalation tags suggests the exposed directory contents may facilitate further privilege escalation beyond initial information leakage.

Privilege Escalation Information Disclosure Dell +3
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Information disclosure in Dell PowerFlex Manager (Appliance, Rack, and core Manager) versions 4.6.2 and earlier allows unauthenticated remote attackers to enumerate server contents through exposed directory listings. The flaw carries a CVSS 7.5 (high) rating driven entirely by confidentiality impact and requires no privileges or user interaction, though no public exploit has been identified at time of analysis and the issue is not on CISA KEV.

Information Disclosure Dell
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

Command injection in Dell SmartFabric Storage Software versions prior to 1.4.5 enables a high-privileged local attacker to gain unauthorized read and write access to the underlying filesystem. Exploitation requires local system presence and high-level privileges, with the CVSS vector (AV:L/AC:H/PR:H) indicating a constrained threat surface despite the high confidentiality, integrity, and availability impact scores. No public exploit has been identified at time of analysis, and this vulnerability is not listed in CISA KEV.

Command Injection Dell
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to escalate privileges to Administrator. During installation, the software writes the file CCFLFamily_07Feb11.edr to C:\ProgramData\Portrait Displays\CW\data\i1D3\ while running with elevated privileges. Because the installer does not properly validate symbolic links or reparse points at the destination path, an attacker can create a malicious link that redirects the write operation to an arbitrary system location, enabling arbitrary file creation or overwrite with elevated privileges.

Privilege Escalation Microsoft Dell
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Improper SSL/TLS certificate validation in Dell Live Optics Windows and Personal Edition collectors allows remote attackers to intercept and modify data transmitted by the collector. The vulnerability requires network positioning (man-in-the-middle) and user interaction, making exploitation moderately complex but enabling complete compromise of data confidentiality and integrity for collector communications. Dell has released patches in version 27.1.10.1 to address the certificate validation flaw.

Information Disclosure Microsoft Dell
NVD VulDB
EPSS 0%
PATCH Awaiting Data

In the Linux kernel, the following vulnerability has been resolved: drm/i915/vrr: Configure VRR timings after enabling TRANS_DDI_FUNC_CTL Apparently ICL may hang with an MCE if we write TRANS_VRR_VMAX/FLIPLINE before enabling TRANS_DDI_FUNC_CTL. Personally I was only able to reproduce a hang (on a Dell XPS 7390 2-in-1) with an external display connected via a dock using a dodgy type-C cable that made the link training fail. After the failed link training the machine would hang. TGL seemed immune to the problem for whatever reason. BSpec does tell us to configure VRR after enabling TRANS_DDI_FUNC_CTL as well. The DMC firmware also does the VRR restore in two stages: - first stage seems to be unconditional and includes TRANS_VRR_CTL and a few other VRR registers, among other things - second stage is conditional on the DDI being enabled, and includes TRANS_DDI_FUNC_CTL and TRANS_VRR_VMAX/VMIN/FLIPLINE, among other things So let's reorder the steps to match to avoid the hang, and toss in an extra WARN to make sure we don't screw this up later. BSpec: 22243 (cherry picked from commit 93f3a267c3dd4d811b224bb9e179a10d81456a74)

Information Disclosure Linux Dell
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Local privilege escalation in Dell PowerScale InsightIQ versions 5.0.0 through 6.2.0 allows high-privileged attackers to execute code with unnecessary elevated privileges, potentially escalating to full system compromise. The vulnerability requires existing local access and high privilege level on the affected system; no public exploit has been identified at time of analysis.

Privilege Escalation Dell
NVD
EPSS 0% CVSS 8.2
HIGH PATCH This Week

OS command injection in Dell PowerScale InsightIQ 6.0.0 through 6.2.0 allows high-privileged local administrators to execute arbitrary system commands with elevated privileges, achieving container escape (scope change) on the storage cluster management platform. Dell published security advisory DSA-2026-208 addressing this vulnerability. EPSS data are not available, and the absence of a CISA KEV listing points to targeted rather than widespread exploitation at time of analysis.

Command Injection Dell
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Improper privilege management in Dell ECS 3.8.1.0-3.8.1.7 and ObjectScale prior to 4.3.0.0 allows high-privileged local attackers to escalate privileges and gain full system access, affecting confidentiality, integrity, and availability. No public exploit code or active exploitation has been identified at the time of analysis.

Privilege Escalation Dell
NVD
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Remote code execution in Dell ECS 3.8.1.0-3.8.1.7 and ObjectScale prior to 4.3.0.0 via improper neutralization of formula elements in CSV files processed by the UI. Unauthenticated remote attackers can exploit this vulnerability with user interaction (formula injection attack) to achieve remote execution with limited confidentiality, integrity, and availability impact. No active exploitation confirmed; exploitation requires victim interaction with malicious CSV content.

Information Disclosure Dell
NVD VulDB
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

Authentication bypass in Dell ECS Geo replication (versions 3.8.1.0-3.8.1.7) and Dell ObjectScale (prior to 4.3.0.0) allows unauthenticated remote attackers to access data in transit by exploiting assumed-immutable data assumptions. The vulnerability affects the replication authentication mechanism, enabling unauthorized data exposure without requiring valid credentials or user interaction.

Authentication Bypass Dell
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Hard-coded credentials in Dell ECS 3.8.1.0-3.8.1.7 and ObjectScale <4.3.0.0 allow unauthenticated filesystem access. Despite CVSS 9.8 (network vector), the description explicitly states 'local access' is required, creating a critical discrepancy between scoring and actual attack surface. Attackers with local system access can leverage embedded credentials to gain unauthorized filesystem access. No active exploitation (CISA KEV) or public exploit confirmed at time of analysis. Dell advisory DSA-2026-047 addresses the vulnerability.

Authentication Bypass Dell
NVD VulDB
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Missing authorization in Dell Automation Platform before 2.0.0.0 allows authenticated remote attackers to elevate privileges to high-integrity access. The vulnerability requires low-level authentication and user interaction but enables complete compromise of confidentiality, integrity, and availability. CVSS 8.0 (High) reflects the significant impact despite the authentication prerequisite. No active exploitation (CISA KEV) or public exploit code identified at time of analysis, though Dell has released patches per DSA-2026-193.

Authentication Bypass Dell
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Dell PowerScale OneFS versions 9.5.0.0 through 9.12.0.1 contain an insufficient logging vulnerability that allows low-privileged local attackers to tamper with information without generating adequate audit trails, enabling attack obfuscation and compliance violation. The vulnerability affects multiple version branches across OneFS 9.5 through 9.12, with no public exploit code identified at time of analysis. CVSS score of 3.3 reflects low-to-medium integrity impact with local access requirement and low complexity.

Information Disclosure Dell
NVD VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Credential forwarding vulnerability in OpenStack Ironic's idrac driver allows authenticated attackers to steal time-limited Keystone tokens or molds storage credentials by manipulating import operations. Attackers with low-privileged Ironic access can redirect these credentials to attacker-controlled endpoints, gaining unauthorized access to all OpenStack services that Ironic is authorized for. Fixed in versions 26.1.6, 29.0.5, 32.0.1, and 35.0.1. CVSS 7.7 with scope change (S:C) reflects the privilege escalation from Ironic-only access to full OpenStack service access.

Information Disclosure Dell
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write.

Information Disclosure Dell
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low-privileged attacker to gain elevated access.

Information Disclosure Dell
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.

SSRF Dell
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain an Execution with Unnecessary Privileges vulnerability in the AWCC. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Privilege Escalation Dell
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain a Least Privilege Violation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Information Disclosure Dell
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU Reject synchronizing vCPU state to its associated VMSA if the vCPU has already been launched, i.e. if the VMSA has already been encrypted. On a host with SNP enabled, accessing guest-private memory generates an RMP #PF and panics the host. BUG: unable to handle page fault for address: ff1276cbfdf36000 #PF: supervisor write access in kernel mode #PF: error_code(0x80000003) - RMP violation PGD 5a31801067 P4D 5a31802067 PUD 40ccfb5063 PMD 40e5954063 PTE 80000040fdf36163 SEV-SNP: PFN 0x40fdf36, RMP entry: [0x6010fffffffff001 - 0x000000000000001f] Oops: Oops: 0003 [#1] SMP NOPTI CPU: 33 UID: 0 PID: 996180 Comm: qemu-system-x86 Tainted: G OE Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE Hardware name: Dell Inc. PowerEdge R7625/0H1TJT, BIOS 1.5.8 07/21/2023 RIP: 0010:sev_es_sync_vmsa+0x54/0x4c0 [kvm_amd] Call Trace: <TASK> snp_launch_update_vmsa+0x19d/0x290 [kvm_amd] snp_launch_finish+0xb6/0x380 [kvm_amd] sev_mem_enc_ioctl+0x14e/0x720 [kvm_amd] kvm_arch_vm_ioctl+0x837/0xcf0 [kvm] kvm_vm_ioctl+0x3fd/0xcc0 [kvm] __x64_sys_ioctl+0xa3/0x100 x64_sys_call+0xfe0/0x2350 do_syscall_64+0x81/0x10f0 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7ffff673287d </TASK> Note, the KVM flaw has been present since commit ad73109ae7ec ("KVM: SVM: Provide support to launch and run an SEV-ES guest"), but has only been actively dangerous for the host since SNP support was added. With SEV-ES, KVM would "just" clobber guest state, which is totally fine from a host kernel perspective since userspace can clobber guest state any time before sev_launch_update_vmsa().

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Stack-based buffer overflow in Dell PowerProtect Data Domain DD OS allows remote unauthenticated attackers to execute arbitrary commands on vulnerable appliances. Affects Feature Release versions 7.7.1.0-8.6, LTS2025 (8.3.1.0-8.3.1.10), and LTS2024 (7.13.1.0-7.13.1.60). Despite a network-accessible attack vector (AV:N/PR:N), high attack complexity (AC:H) indicates specialized exploit conditions. The CISA SSVC framework rates exploitation as 'none' and automatable as 'no', suggesting manual, targeted exploitation rather than mass scanning. No active exploitation confirmed at time of analysis. Dell has released patches across all affected release tracks (DSA-2026-060).

Buffer Overflow Stack Overflow Dell
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel Open vSwitch module causes system crash when deleting network interfaces on PREEMPT_RT kernels. The vulnerability is confirmed patched in multiple stable kernel versions (5.10.253, 5.15.203, 6.1.168, 6.6.131, 6.12.80, 6.18.21, 6.19.11, 7.0) with upstream fixes available via kernel.org commits. EPSS score of 0.02% (7th percentile) indicates very low exploitation likelihood. No active exploitation confirmed (not in CISA KEV). Local authenticated access required (CVSS AV:L/PR:L) with high impact (CVSS 7.8), but exploitation depends on PREEMPT_RT kernel configuration and specific Open vSwitch teardown race conditions.

Information Disclosure Linux Red Hat +3
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Dell PowerProtect Data Domain appliances versions 7.7.1.0-8.7.0.0, LTS2025 8.3.1.0-8.3.1.20, and LTS2024 7.13.1.0-7.13.1.60 contain an improper privilege management vulnerability in iDRAC that allows a high-privileged local attacker with user interaction to elevate privileges and perform unauthorized delete operations. The vulnerability requires high privileges and local access combined with user interaction, limiting real-world attack surface primarily to insider threats or physical facility access scenarios.

Privilege Escalation Dell
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Stack-based buffer overflow in Dell PowerProtect Data Domain versions 7.7.1.0-8.6, LTS2025 8.3.1.0-8.3.1.20, and LTS2024 7.13.1.0-7.13.1.60 allows high-privileged local attackers to execute arbitrary commands as root. The vulnerability requires local access and elevated privileges, limiting exposure to insider threats or compromised administrative accounts rather than remote attackers. No public exploit has been identified at time of analysis.

Buffer Overflow Stack Overflow Dell
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Dell PowerProtect Data Domain versions 8.5 through 8.6 contain a local command injection vulnerability (CWE-78) allowing high-privileged remote attackers to execute arbitrary commands with root privileges. The attack requires local access and elevated privileges (CVSS PR:H) but results in complete system compromise through unauthenticated code execution. No public exploit code has been identified, and CVSS 6.7 reflects the significant privilege barrier despite high impact.

Command Injection Dell
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

OS command injection in Dell PowerProtect Data Domain versions 8.5 through 8.6 allows high-privileged remote attackers to execute arbitrary commands with root privileges by exploiting improper neutralization of special elements in OS command processing. This vulnerability requires high privilege level access but, once exploited, grants full system compromise. No active exploitation or public exploit code has been identified at time of analysis, but the vendor has released patches addressing the issue.

Command Injection Dell
NVD VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

OS command injection in Dell PowerProtect Data Domain allows authenticated administrative users with network access to execute arbitrary commands with root privileges. Affects multiple release branches (7.7.1.0-8.6, LTS2025 8.3.1.0-8.3.1.20, LTS2024 7.13.1.0-7.13.1.60). Dell released patches across all affected branches (8.6.1.10, 7.13.1.70, 8.3.1.30). EPSS data unavailable; no KEV listing or public exploit identified at time of analysis. While CVSS 7.2 reflects high impact, exploitation requires pre-existing high-privilege administrative credentials, significantly limiting real-world attack surface to insider threats or credential compromise scenarios.

Command Injection Dell
NVD VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

OS command injection in Dell PowerProtect Data Domain versions 7.7.1.0-8.6, LTS2025 8.3.1.0-8.3.1.20, and LTS2024 7.13.1.0-7.13.1.60 allows high-privileged remote attackers to execute arbitrary commands as root. Network-accessible exploitation requires existing administrative credentials but minimal attack complexity (CVSS:3.1/AV:N/AC:L/PR:H). No active exploitation confirmed (not in CISA KEV). Vendor patch available per DSA-2026-060, addressing CWE-78 command injection weakness in multiple product streams including LTS releases.

Command Injection Dell
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Missing authentication in Dell PowerProtect Data Domain 7.7.1.0-8.6 and LTS releases allows remote unauthenticated attackers to execute arbitrary commands with root privileges when combined with user interaction. Affects enterprise backup appliances across multiple release branches including LTS2025 (8.3.1.0-8.3.1.20) and LTS2024 (7.13.1.0-7.13.1.60). CVSS 8.8 with network vector but requires user interaction (UI:R), reducing immediate automation risk. No EPSS or KEV data available at time of analysis, indicating the vulnerability is newly disclosed. Dell security advisory DSA-2026-060 confirms patch availability.

Authentication Bypass Dell
NVD VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

OS command injection in Dell PowerProtect Data Domain allows remote high-privileged attackers to execute arbitrary commands on DD OS versions 7.7.1.0-8.5, LTS2025 8.3.1.0-8.3.1.10, and LTS2024 7.13.1.0-7.13.1.40. Dell published DSA-2026-060 addressing this CWE-78 flaw with CVSS 7.2 (high impact on confidentiality, integrity, availability). No public exploit has been identified at time of analysis. The post-authentication requirement (PR:H) reduces immediate risk for environments with strong privileged access controls, but the network attack vector (AV:N) enables remote exploitation once administrative credentials are obtained.

Command Injection Dell
NVD VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Arbitrary command execution with root privileges in Dell PowerProtect Data Domain versions 8.5 through 8.6 allows high-privileged remote attackers to escalate from administrative access to full system control via improper input validation. Dell has released patches (versions 2.7.9 with DD OS 8.3.1.30, and 8.6.1.10+) per DSA-2026-060. EPSS data are not available and the CVE is not listed in CISA KEV, suggesting targeted risk rather than widespread exploitation. The network attack vector (AV:N) combined with the high privilege requirement (PR:H) indicates this is an admin-to-root escalation vulnerability rather than initial access.

Information Disclosure Dell
NVD VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Root-level command injection in Dell PowerProtect Data Domain versions 7.7.1.0-8.6, 8.3.1.0-8.3.1.20 (LTS2025), and 7.13.1.0-7.13.1.60 (LTS2024) allows high-privileged remote attackers to execute arbitrary commands as root through improper input validation. Vendor patch available via DSA-2026-060. EPSS and KEV data not provided; CVSS 7.2 reflects high impact but requires existing high-level authentication, limiting real-world exploitation to scenarios where admin credentials are already compromised or insider threats exist.

Information Disclosure Dell
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Dell PowerProtect Data Domain (DD OS) versions 7.7.1.0-8.5, 8.3.1.0-8.3.1.20 (LTS2025), and 7.13.1.0-7.13.1.50 (LTS2024) leak sensitive information to low-privileged remote attackers. An authenticated user with minimal privileges can access confidential data without authorization, resulting in information disclosure with a CVSS score of 4.3. No active exploitation reported, but the low attack complexity and remote network vector make this a practical vulnerability for attackers within administrative networks.

Information Disclosure Dell
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Dell PowerProtect Data Domain contains a reflected cross-site scripting (XSS) vulnerability affecting DD OS Feature Release versions 7.7.1.0-8.5, LTS2025 versions 8.3.1.0-8.3.1.20, and LTS2024 versions 7.13.1.0-7.13.1.50. A high-privileged remote attacker can inject malicious scripts into the web interface via crafted requests; if a victim administrator views the malicious link, the script executes in their browser context, potentially leading to credential theft, session hijacking, or unauthorized administrative actions. CVSS 5.9 reflects the requirement for high privileges and user interaction, though the wide version range and network accessibility indicate broad exposure across deployed instances.

XSS Dell
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Dell PowerProtect Data Domain DD OS versions 8.4 through 8.5 fail to enforce rate limiting on authentication attempts, allowing high-privileged remote attackers to conduct brute-force attacks against administrative credentials without account lockout or delays. This authentication bypass vulnerability enables unauthorized access to backup infrastructure systems that manage critical data protection workflows, with CVSS 6.2 reflecting the requirement for already-elevated privileges and high attack complexity.

Authentication Bypass Dell
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Dell PowerProtect Data Domain DD OS versions 8.4-8.5 contain a session fixation vulnerability allowing high-privileged remote attackers to hijack authenticated sessions and gain unauthorized access without requiring user interaction. CVSS 6.2 reflects the high-complexity attack surface (AC:H) offset by elevated attacker privileges (PR:H) and direct confidentiality/integrity impact; no public exploit or active exploitation has been identified at time of analysis.

Authentication Bypass Session Fixation Dell
NVD VulDB
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Dell PowerProtect Data Domain versions 8.4 through 8.5 contain an improper authentication vulnerability allowing high-privileged remote attackers to bypass authentication and gain unauthorized access to the system. CVSS 6.6 (high complexity, high privileges required) reflects the need for elevated attacker credentials but significant confidentiality, integrity, and availability impact. No public exploit code or active exploitation has been identified at time of analysis.

Authentication Bypass Dell
NVD VulDB
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Dell PowerProtect Data Domain versions 8.4 through 8.5 contain an improper authentication vulnerability (CWE-287) allowing high-privileged remote attackers to bypass authentication controls and gain unauthorized access to protected systems. The vulnerability requires high privilege level and high attack complexity but enables confidentiality, integrity, and availability impact if successfully exploited. No active exploitation in CISA KEV confirmed at time of analysis.

Authentication Bypass Dell
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7.0.0 and specific LTS releases (8.3.1.0-8.3.1.20, 7.13.1.0-7.13.1.60) contain an OS command injection vulnerability (CWE-78) that allows high-privileged local attackers to execute arbitrary commands with root privileges. The vulnerability stems from improper neutralization of special elements in OS commands, with a CVSS score of 6.7 reflecting high confidentiality, integrity, and availability impact but constrained by local access and high privilege requirements.

Command Injection Dell
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7.0.0, LTS2025 releases 8.3.1.0-8.3.1.20, and LTS2024 releases 7.13.1.0-7.13.1.60 allow local high-privileged attackers to execute arbitrary OS commands with root privileges via improper neutralization of special elements in command construction (OS command injection). No public exploit code or active exploitation has been identified at the time of analysis, but the vulnerability affects critical backup and disaster recovery infrastructure with direct root access potential.

Command Injection Dell
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Dell PowerProtect Data Domain versions 7.7.1.0-8.7.0.0, LTS2025 8.3.1.0-8.3.1.20, and LTS2024 7.13.1.0-7.13.1.60 allow OS command injection via improper neutralization of special elements in OS commands. A high-privileged local attacker can execute arbitrary commands with root privileges by exploiting this vulnerability, enabling complete system compromise.

Command Injection Dell
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Dell PowerProtect Data Domain versions 7.7.1.0-8.7.0.0, LTS2025 8.3.1.0-8.3.1.20, and LTS2024 7.13.1.0-7.13.1.60 are vulnerable to argument injection in command processing, allowing high-privileged local attackers to execute arbitrary commands as root. Exploitation requires administrative-level access and local system presence, limiting real-world exposure to insider threats or post-compromise scenarios. No public exploit code or active exploitation has been identified at the time of analysis.

Code Injection Dell
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Command injection in Dell PowerProtect Data Domain allows high-privileged local attackers to execute arbitrary commands and gain root-level access across Feature Release versions 7.7.1.0-8.5, LTS2025 versions 8.3.1.0-8.3.1.20, and LTS2024 versions 7.13.1.0-7.13.1.50. The vulnerability requires local access and elevated privileges (PR:H), limiting exploitation scope to authenticated administrative users with shell or console access. No public exploit or active exploitation has been identified at the time of analysis.

Command Injection Dell
NVD VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Improper certificate validation in Dell PowerProtect Data Domain DD OS 7.7.1.0-8.5, 8.3.1.0-8.3.1.20 (LTS2025), and 7.13.1.0-7.13.1.60 (LTS2024) allows authenticated administrators with remote access to escalate privileges through certificate-based login exploitation. CVSS 7.2 (High) reflects network-based attack with low complexity, though requiring high-privilege credentials (PR:H). EPSS score of 0.02% (6th percentile) indicates very low probability of near-term exploitation. No active exploitation confirmed (not in CISA KEV) and no public exploit identified at time of analysis.

Information Disclosure Dell
NVD VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Command injection in Dell PowerProtect Data Domain DD OS versions 7.7.1.0-8.5 (Feature), 8.3.1.0-8.3.1.20 (LTS2025), and 7.13.1.0-7.13.1.50 (LTS2024) enables authenticated administrators with remote access to execute arbitrary commands as root. Dell DSA-2026-060 confirms patches in DD OS 8.6.0.0, 8.3.1.30, and 7.13.1.50. EPSS score of 0.05% (15th percentile) suggests low widespread exploitation risk despite network attack vector; no public exploit identified, CVSS 7.2 reflects high-privilege requirement limiting attack surface to compromised admin accounts or insider threats.

Command Injection Dell
NVD VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Dell PowerProtect Data Domain appliances log sensitive credentials when retention lock is enabled, allowing low-privileged remote attackers to harvest authentication data from log files. Affects DD OS 8.0-8.5 and LTS2025 8.3.1.0-8.3.1.10. Exploitation requires existing low-privileged access plus user interaction from a high-privileged administrator to authorize subsequent authentication attempts. EPSS score of 0.01% and SSVC assessment (non-automatable, partial impact) indicate low probability of widespread exploitation. Vendor patch available per Dell DSA-2026-060.

Information Disclosure Dell
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Insufficiently protected credential storage in Dell PowerProtect Data Domain BoostFS client allows local attackers with low privileges to extract stored credentials via local file access under specific race conditions (AC:H). Scope change (S:C) indicates compromised credentials grant access beyond the BoostFS client component itself, potentially to connected Data Domain systems. Dell has released patches for all affected branches (Feature Release 7.7.1.0-8.5, LTS2025 8.3.1.0-8.3.1.20, LTS2024 7.13.1.0-7.13.1.50). EPSS score of 0.01% suggests minimal observed exploitation interest, no CISA KEV listing, and no public POC identified at time of analysis.

Information Disclosure Dell
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Local attackers can gain full system access to Dell PowerProtect Data Domain storage systems without authentication due to weak default credentials in DD OS versions 7.7.1.0-8.5, 8.3.1.0-8.3.1.20, and 7.13.1.0-7.13.1.50. The vulnerability allows complete system compromise (CVSS 8.4) with high confidentiality, integrity, and availability impact despite requiring local access. No active exploitation confirmed (EPSS 0.01%, not in CISA KEV), and Dell has released patches across all affected release branches. SSVC framework rates this as total technical impact but non-automatable and not currently exploited.

Authentication Bypass Dell
NVD VulDB
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Information Disclosure Dell
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.

Denial Of Service Dell
NVD
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.

Denial Of Service Dell
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leading to unauthorized access.

Authentication Bypass Dell
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Local privilege escalation in Dell Storage Manager - Replay Manager for Microsoft Servers 8.0 allows low-privileged authenticated users to gain elevated privileges with high integrity and availability impact. Dell has released security advisory DSA-2026-058 with patches. The CVSS 7.3 (High) score reflects significant post-exploitation impact, though local access and existing authentication requirements limit initial attack surface. No active exploitation (CISA KEV) or public proof-of-concept code identified at time of analysis.

Privilege Escalation Microsoft Dell
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Dell Elastic Cloud Storage (≤3.8.1.7) and ObjectScale (<4.1.0.3, =4.2.0.0) allows authenticated users with low privileges to extract credentials from log files and escalate to compromised account privileges. CVSS 7.8 (High). No public exploit identified at time of analysis. EPSS data not available, but local access requirement and low attack complexity suggest moderate exploitation likelihood in multi-tenant or shared administrative environments.

Information Disclosure Dell Elastic
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.6 and 9.11.0.0 through 9.13.0.0 disclose sensitive information through error messages accessible to high-privileged local attackers. The vulnerability stems from improper error handling (CWE-209) that exposes confidential data in system responses, requiring local access and administrative privileges to exploit. With a CVSS score of 4.4 reflecting high confidentiality impact but low attack complexity and no public exploit identified at time of analysis, this represents a moderate risk primarily to organizations where insider threats or compromised admin accounts pose concerns.

Information Disclosure Dell
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.6 and 9.11.0.0 through 9.13.0.1 contain an incorrect privilege assignment vulnerability allowing local authenticated attackers to escalate privileges with low complexity, potentially achieving partial confidentiality and integrity compromise alongside high availability impact. No public exploit code or active exploitation has been identified at the time of analysis, though the local attack vector and straightforward exploitation path (AC:L) indicate moderate real-world risk for environments where local access controls are weak.

Information Disclosure Dell
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Dell PowerProtect Agent prior to version 20.1 allows low-privileged local attackers to read sensitive information through incorrect permission assignment on critical resources. The vulnerability requires local access and existing user privileges but can expose confidential data without requiring user interaction or elevated permissions.

Information Disclosure Dell
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Incorrect permission assignment in Dell AppSync 4.6.0 enables local privilege escalation to high-impact system access. Authenticated attackers with low-privilege local access can exploit misconfigured resource permissions to elevate privileges, achieving full confidentiality, integrity, and availability compromise. No public exploit identified at time of analysis. Dell has released security advisory DSA-2026-163 addressing this vulnerability. EPSS data unavailable; CVSS 7.3 reflects significant local threat requiring user interaction.

Information Disclosure Dell
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

UNIX symbolic link following in Dell AppSync 4.6.0 allows local authenticated attackers with low privileges to tamper with information and potentially escalate impact to high integrity and availability compromise. CVSS 7.3 (High) with low attack complexity. No public exploit identified at time of analysis. EPSS data not available, but local-only access requirement significantly reduces real-world attack surface compared to remotely exploitable vulnerabilities.

Information Disclosure Dell
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Path traversal vulnerability in Dell Secure Connect Gateway (SCG) versions 5.28.00.xx through 5.32.00.xx allows high-privileged attackers on the management network to bypass directory restrictions and achieve remote code execution. With a CVSS score of 4.7 and requiring high privilege level access, this vulnerability poses moderate risk to organizations running vulnerable SCG versions but is limited by the need for administrative-level attacker access within the management network. No public exploit code or active exploitation has been confirmed at time of analysis.

Path Traversal Dell
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A credential disclosure vulnerability exists in the Linux kernel's Dell WMI System Management (dell-wmi-sysman) module where the set_new_password() function performs hex dumps of memory buffers containing plaintext password data, including both current and new passwords. This affects all Linux kernel versions with the vulnerable dell-wmi-sysman driver, allowing local attackers with access to kernel logs or debug output to extract sensitive authentication credentials. While no CVSS score, EPSS probability, or active KEV status is currently assigned, the patch availability across six stable kernel branches indicates the vulnerability has been formally addressed by the Linux kernel maintainers.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

FreeIPMI versions before 1.16.17 contain exploitable buffer overflow vulnerabilities in the ipmi-oem command's response message handling for three vendor-specific subcommands: Dell's get-last-post-code, Supermicro's extra-firmware-info, and Wistron's read-proprietary-string. An attacker who can intercept or control IPMI server responses could trigger these buffer overflows to achieve arbitrary code execution on systems running vulnerable versions of FreeIPMI. No CVSS score, EPSS data, or public exploitation confirmation is currently available, but the vulnerabilities are documented in Savannah bug reports with clear technical details.

Buffer Overflow Stack Overflow Dell
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Dell Integrated Dell Remote Access Controller (iDRAC) versions 9, 14G (prior to 7.00.00.174), 15G, and 16G (prior to 7.10.90.00) contain an exposure of sensitive system information vulnerability caused by uncleared debug information in memory or logs. A remote attacker with high privileges can exploit this to disclose confidential system details without modifying or disrupting service availability. While the CVSS score is moderate at 4.9 due to high privilege requirements, the confidentiality impact is rated high, making this relevant for organizations where insider threats or compromised administrator accounts are a concern.

Information Disclosure Dell Integrated Dell Remote Access Controller
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A Process Control vulnerability (CWE-114) exists in Dell Integrated Dell Remote Access Controller (iDRAC) across multiple generations that allows a high-privileged attacker with adjacent network access to achieve code execution. Affected versions include iDRAC 9 (14G prior to 7.00.00.181, 15G and 16G prior to 7.20.10.50) and iDRAC 10 (17G prior to 1.20.25.00). While the CVSS score of 5.3 is moderate, the integrity impact is rated high and remote code execution capability presents significant risk to out-of-band management infrastructure.

RCE Dell Integrated Dell Remote Access Controller
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Dell ThinOS 10 versions before 2602_10.0573 contain a command injection flaw that allows local attackers with low privileges to execute arbitrary commands and escalate their access rights. The vulnerability stems from improper sanitization of special elements in user-supplied input, requiring only local access and no user interaction to exploit. No patch is currently available.

Command Injection Dell
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell Alienware Command Center versions before 6.12.24.0 suffer from improper privilege management that allows local attackers with low privileges to escalate their access on affected systems. An attacker with physical or local system access combined with user interaction could gain elevated privileges, potentially compromising system integrity and confidentiality. No patch is currently available for this vulnerability.

Privilege Escalation Dell
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell Device Management Agent versions before 26.02 suffer from an authorization bypass that allows local attackers with low privileges to escalate their access on affected systems. The vulnerability stems from improper privilege validation and requires only local access with no user interaction to exploit. No patch is currently available for this issue.

Authentication Bypass Dell Device Management Agent
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Dell Device Management Agent versions before 26.02 store passwords in plaintext, allowing high-privileged local attackers to gain unauthorized access to sensitive systems. The vulnerability requires administrative-level access and local presence but poses a confidentiality risk to affected deployments. No patch is currently available.

Authentication Bypass Dell Device Management Agent
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Privilege escalation in Dell PowerScale OneFS versions before 9.10.1.6 and 9.11.0.0 through 9.12.0.1 stems from incorrect privilege assignment that allows local attackers with low privileges to gain elevated access. An attacker with local system access and user interaction can exploit this vulnerability to achieve complete system compromise through unauthorized privilege elevation.

Information Disclosure Dell Powerscale Onefs
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell PowerScale OneFS versions up to 9.10.1.6 are affected by execution with unnecessary privileges (CVSS 6.7).

Privilege Escalation Dell Powerscale Onefs
NVD
EPSS 0% CVSS 3.4
LOW Monitor

Dell PowerScale OneFS, versions 9.10.0.0 through 9.10.1.5 and versions 9.11.0.0 through 9.12.0.1, contains an external control of system or configuration setting vulnerability. [CVSS 3.4 LOW]

Authentication Bypass Dell
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell PowerScale OneFS versions up to 9.10.1.6 are affected by execution with unnecessary privileges (CVSS 6.7).

Privilege Escalation Dell Powerscale Onefs
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Dell Optimizer versions up to 6.3.1 are affected by improper link resolution before file access (CVSS 7.3).

Path Traversal Dell Optimizer
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Dell Command | Intel vPro Out of Band versions up to 4.7.0 are affected by an uncontrolled search path element (CVSS 8.8).

Privilege Escalation Dell
NVD
EPSS 0% CVSS 2.7
LOW PATCH Monitor

Dell Wyse Management Suite, versions prior to WMS 5.5, contains a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to bypass a protection mechanism. [CVSS 2.7 LOW]

Authentication Bypass Dell
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Remote code execution in Dell Wyse Management Suite versions before 5.5 via unrestricted file upload allows high-privileged attackers with network access to execute arbitrary commands on affected systems. The vulnerability stems from insufficient validation of uploaded file types, enabling attackers to bypass security controls and gain code execution. A patch is available for affected organizations to remediate this risk.

Dell File Upload Wyse Management Suite
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Dell Wyse Management Suite versions prior to 5.5 suffer from improper access controls that allow authenticated remote attackers to escalate their privileges. An attacker with low-level credentials can bypass authorization checks to gain high-privilege access to the system, potentially compromising confidentiality, integrity, and availability. No patch is currently available for this vulnerability.

Authentication Bypass Dell Wyse Management Suite
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Dell PowerProtect Data Manager versions prior to 19.22 contain an incorrect privilege assignment flaw that allows remote attackers with low-level credentials to escalate their privileges on affected systems. The vulnerability requires network access and valid authentication but no user interaction, making it exploitable by insiders or attackers who have obtained legitimate credentials. No patch is currently available.

Information Disclosure Dell Powerprotect Data Manager
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Dell PowerProtect Data Manager versions prior to 19.22 contain improper verification of communication channels in the REST API, allowing high-privileged remote attackers to bypass security protections. The vulnerability requires administrative credentials but carries no patch availability, creating ongoing risk for affected deployments.

Authentication Bypass Dell Powerprotect Data Manager
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Dell Unisphere for PowerMax version 10.2 suffers from a path traversal vulnerability (CWE-73) that allows authenticated remote attackers to delete arbitrary files on affected systems. An attacker with low-level privileges can exploit this flaw without user interaction to achieve denial of service or system compromise. No patch is currently available for this high-severity issue (CVSS 8.1).

Information Disclosure Dell Unisphere For Powermax
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Dell Unisphere for PowerMax 10.2 contains a path traversal vulnerability that allows authenticated remote attackers to overwrite arbitrary files on the system. This HIGH severity flaw (CVSS 8.8) requires only low privileges and network access to exploit, potentially enabling complete system compromise. No patch is currently available for this vulnerability.

Information Disclosure Dell Unisphere For Powermax
NVD