Dell
Monthly
Unauthorized access in Dell ThinOS 10 (versions prior to 2605_10.2100) stems from an obsolete UI feature (CWE-448) that a low-privileged local attacker can abuse to bypass authentication controls. With valid low-level local access to the thin-client, an attacker can leverage the leftover interface path to reach functionality or data they should not have, yielding high confidentiality, integrity, and availability impact per the CVSS 7.8 (High) rating. No public exploit identified at time of analysis; the flaw was reported by Dell and disclosed in advisory DSA-2026-300.
Protection mechanism failure in Dell ThinOS 10 (versions prior to 2605_10.2100) allows an unauthenticated attacker with physical device access to bypass encryption controls and gain unauthorized read and write access to data stored on the thin client. The flaw, classified as CWE-693, indicates the encryption or authentication protection subsystem can be circumvented without any credentials, consistent with the Authentication Bypass tag and CVSS PR:N rating. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog, though the physical access constraint limits but does not eliminate risk in environments with unattended or theft-prone thin clients.
Local information disclosure in Dell PowerScale OneFS (9.5.0.0-9.10.1.7 and 9.11.0.0-9.13.0.2) arises from sensitive data being written to log files, allowing a low-privileged local user to read secrets they should not access. Dell reported the issue (advisory DSA-2026-261) with no public exploit identified at time of analysis. Exploitation requires existing local, authenticated access to the cluster, limiting reach to insiders or attackers who have already established a foothold.
Elevation of privileges in Dell PowerScale OneFS versions 9.5.0.0-9.10.1.7 and 9.11.0.0-9.13.0.2 allows a high-privileged local attacker to escalate beyond their authorized access level due to improper privilege management (CWE-269). While the CVSS 3.1 base score of 6.7 reflects the local access and high-privilege prerequisites that constrain exploitability, the full C:H/I:H/A:H impact triad signals complete system compromise upon successful exploitation - a serious outcome for enterprise NAS infrastructure that frequently stores sensitive organizational data. No public exploit code or CISA KEV listing has been identified at time of analysis.
Unauthorized file disclosure in Dell Unisphere for PowerMax 10.3.0.5 and prior is achievable by a remote low-privileged attacker via an XML External Entity (XXE) injection flaw (CWE-611). By submitting crafted XML containing external entity declarations to a vulnerable parsing endpoint, an authenticated attacker can cause the server to read and return sensitive local files or initiate server-side requests, resulting in High confidentiality impact. No public exploit code or CISA KEV listing has been identified at time of analysis; however, Dell has issued advisory DSA-2026-272 covering this and related vulnerabilities across the PowerMax product family.
Remote command execution in Dell Unisphere for PowerMax versions 10.3.0.5 and prior allows a low-privileged authenticated user to run arbitrary OS commands with root privileges by abusing unsafe deserialization of untrusted data (CWE-502). Because the CVSS vector is AV:N/AC:L/PR:L, any account with minimal access on the management interface can escalate to full root control of the storage-management appliance. There is no public exploit identified at time of analysis and the CVE is not in CISA KEV, but the low attack complexity and full CIA impact make it a high-priority patch for storage administrators.
SQL injection in Dell PowerFlex Manager prior to version 5.1.0.1 allows a remote, low-privileged authenticated attacker to inject crafted SQL commands through the management interface, resulting in information disclosure and unauthorized access to data beyond the attacker's authorized scope. Rated CVSS 8.5 with a scope-changed vector, the flaw is reported by Dell (DSA-2026-066) and carries confidentiality impact; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
SQL injection in Dell PowerFlex Manager before 5.1.0.1 lets a low-privileged, remotely authenticated user inject crafted SQL into a backend query, resulting in unauthorized reading of database contents (information exposure). The flaw is fixed in 5.1.0.1 per Dell advisory DSA-2026-066, and there is no public exploit identified at time of analysis. Because exploitation requires a valid low-privilege account, the practical risk is highest in multi-tenant or broadly-provisioned management deployments rather than internet-facing unauthenticated exposure.
Root-level OS command execution in Dell PowerFlex Manager (versions prior to 5.1.0.1) lets a remote, high-privileged attacker inject operating-system commands during OS Repository processing, resulting in full appliance compromise. Because PowerFlex Manager orchestrates storage and HCI infrastructure, code execution as root also enables lateral movement into managed nodes. There is no public exploit identified at time of analysis, and Dell has released a fixed build (5.1.0.1) via advisory DSA-2026-066.
Path traversal in Dell Unisphere for PowerMax 10.3.0.5 and prior exposes arbitrary files on the underlying server to remote attackers holding low-privileged credentials. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) confirms high confidentiality impact with no integrity or availability consequence, consistent with a read-only directory traversal flaw. No public exploit code has been identified and this vulnerability is not listed in CISA KEV at time of analysis, though the low attack complexity raises concern for rapid weaponization if credentials are compromised.
Improper authorization enforcement in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.6, plus LTS branches 8.6.1.0-8.6.1.10, 8.3.1.0-8.3.1.30, and 7.13.1.0-7.13.1.70) allows a low-privileged, remote authenticated attacker to reach resources or actions beyond their assigned role, resulting in unauthorized access. Rated CVSS 8.8 (High) with high confidentiality, integrity, and availability impact and low attack complexity. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the low barrier to exploitation for any existing account makes this a meaningful escalation risk on these backup appliances.
Denial of service in Dell PowerProtect Data Domain (DDOS versions 7.7.1.0 through 8.7, plus LTS2026 8.6.1.0-8.6.1.10, LTS2025 8.3.1.0-8.3.1.30, and LTS2024 7.13.1.0-7.13.1.70) allows a remote, unauthenticated attacker to crash or hang the appliance by triggering an integer overflow (CWE-190). Per the CVSS vector (PR:N/UI:N), no authentication or user interaction is required, and the impact is confined to availability (C:N/I:N/A:H) - no data disclosure or code execution. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV; EPSS was not provided.
Unauthorized file modification in Dell PowerProtect Data Domain allows a high-privileged remote attacker to write files outside the intended restricted directory via path traversal. Affected across multiple release trains spanning versions 7.7.1.0 through 8.7, including LTS2024, LTS2025, and LTS2026 branches. Dell has published advisory DSA-2026-278 addressing this flaw; no public exploit code or active exploitation has been identified at time of analysis.
Stored cross-site scripting in Dell PowerProtect Data Domain (DD OS 7.7.1.0 through 8.7, plus the LTS2026 8.6.1.x, LTS2025 8.3.1.x, and LTS2024 7.13.1.x branches) lets a remote attacker persist malicious script in the appliance management interface that executes in other users' browser sessions. Because the flaw is reachable without authentication and the injected payload runs in the victim's authenticated context, an attacker can achieve information disclosure, session/token theft, and client-side request forgery against operators of the backup appliance. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; Dell has published advisory DSA-2026-278.
OS command injection in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus the LTS2026, LTS2025, and LTS2024 branches) lets an already-authenticated, high-privileged remote user break out of the appliance's restricted management context and run arbitrary commands as root. Dell rates it Critical because the flaw defeats the platform's protection mechanism and yields full root-level code execution on the backup appliance. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Dell explicitly urges customers to upgrade at the earliest opportunity.
Path traversal leading to full system compromise affects Dell PowerProtect Data Domain (DD OS) versions 7.7.1.0 through 8.7, plus the LTS2026 (8.6.1.0-8.6.1.10), LTS2025 (8.3.1.0-8.3.1.30), and LTS2024 (7.13.1.0-7.13.1.70) branches. Per the CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N), an unauthenticated remote attacker can traverse outside the intended directory to gain unauthorized access and, according to Dell, take complete control of the system. Dell rates this critical (9.8) and its tags note an authentication-bypass characteristic; no public exploit identified at time of analysis and it is not currently in CISA KEV.
Improper authentication in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus the LTS2026, LTS2025, and LTS2024 branches) lets an unauthenticated, remote attacker bypass authentication and gain unauthorized access that Dell says can escalate to complete system control. Dell rates it critical (CVSS 9.8, CWE-287). No public exploit identified at time of analysis, and it is not listed in CISA KEV, but the network-facing, no-privilege attack profile makes it a high-priority patch for backup/data-protection infrastructure.
OS command injection in Dell PowerProtect Data Domain across four supported release tracks allows a high-privileged local attacker to execute arbitrary operating system commands. Affected versions span the main release line (7.7.1.0-8.7) as well as LTS2024, LTS2025, and LTS2026 branch releases. No public exploit code or active exploitation has been identified at time of analysis; the local access and high-privilege prerequisites substantially constrain the realistic attack surface despite the full C/I/A impact scores.
Arbitrary OS command execution in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus the LTS2026, LTS2025 and LTS2024 branches) lets a high-privileged, remotely-authenticated attacker run operating-system commands on the backup appliance by injecting special characters into an OS command context. The flaw was reported by Dell and is addressed in advisory DSA-2026-278; no public exploit identified at time of analysis and it is not listed in CISA KEV. Because it grants full command execution on a data-protection appliance, successful exploitation can compromise the confidentiality, integrity and availability of backup data.
OS command injection in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus the LTS2026, LTS2025, and LTS2024 maintenance branches) lets an authenticated high-privileged remote attacker execute arbitrary operating-system commands on the appliance via improperly neutralized special characters (CWE-78). Because the attacker already holds elevated privileges, the flaw functions as a privilege-boundary and integrity break - turning administrative access into full underlying-OS command execution with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; it was reported by Dell and fixed in advisory DSA-2026-278.
Authenticated OS command injection in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus LTS2026 8.6.1.0-8.6.1.10, LTS2025 8.3.1.0-8.3.1.30, and LTS2024 7.13.1.0-7.13.1.70) lets a high-privileged remote attacker inject arbitrary operating-system commands and execute them on the appliance. Successful exploitation yields full confidentiality, integrity, and availability impact (CVSS 7.2), effectively giving an authenticated administrator command execution on the underlying OS of a backup/data-protection system. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Integer overflow in Dell PowerProtect Data Domain across multiple release trains (main, LTS2024, LTS2025, LTS2026) exposes backup and data protection infrastructure to remote denial of service by an unauthenticated attacker. The CVSS vector (AV:N/AC:H/PR:N) confirms network-accessible, unauthenticated exploitation, though high attack complexity constrains practical exploitation to adversaries who can satisfy specific preconditions. No public exploit has been identified at time of analysis, and the vulnerability has not been added to the CISA Known Exploited Vulnerabilities catalog.
Symlink-following vulnerability in Dell PowerProtect Data Domain allows a high-privileged remote attacker to traverse outside intended file paths and read arbitrary files, resulting in information disclosure. Multiple version branches are affected, including the current mainstream 8.7 release, LTS2026 builds through 8.6.1.10, LTS2025 builds through 8.3.1.30, and LTS2024 builds through 7.13.1.70. Dell published advisory DSA-2026-278 addressing this issue; no public exploit code or active exploitation has been identified at time of analysis.
Information exposure in Dell PowerProtect Data Domain across multiple release tracks allows a low-privileged local attacker to read sensitive residual data via an uninitialized memory resource (CWE-908). The flaw spans the mainline 7.7.1.0-8.7 branch and three LTS tracks (LTS2024, LTS2025, LTS2026), confirmed by Dell via advisory DSA-2026-278. No public exploit code exists and no active exploitation has been identified; the CVSS 3.3 score and local-only attack vector place this firmly in the low-severity tier.
OS command injection in Dell PowerProtect Data Domain enables a high-privileged local attacker to execute arbitrary operating system commands on the backup appliance, achieving full command execution within the Data Domain OS (DDOS). The flaw spans the general release track (7.7.1.0-8.6) and three LTS streams (LTS2024, LTS2025, LTS2026), indicating a shared vulnerable code path across a wide version surface. No public exploit code or CISA KEV listing exists at time of analysis, and the PR:H/AV:L prerequisites meaningfully constrain real-world risk to insider threats or post-compromise scenarios.
Incorrect authorization in Dell PowerProtect Data Domain permits a high-privileged local attacker to execute commands outside their authorized scope across a broad span of affected versions covering the main release line and all three active LTS branches. The root cause (CWE-863) indicates the appliance's Data Domain OS fails to enforce authorization boundaries correctly for certain operations accessible to already-elevated users, enabling privilege escalation within an authenticated administrative session. No public exploit code or active exploitation is confirmed at time of analysis; the CVSS 4.2 Medium score accurately reflects the significant access prerequisites - local presence plus high-level credentials - required to trigger the flaw.
Dell PowerProtect Data Domain exposes sensitive file content to high-privileged local attackers through a symlink-following flaw (CWE-59), where the application fails to validate link targets before file access. Affected versions span multiple release trains including the current 8.x mainline and LTS branches. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
Sensitive information disclosure in Dell PowerProtect Data Domain exposes credentials or configuration data to local low-privileged attackers via insufficiently protected log files. Affected are multiple release trains spanning versions 7.7.1.0 through 8.7, with specific LTS branches also impacted. No public exploit code or active exploitation has been identified at time of analysis, but the high confidentiality impact (C:H) warrants prompt patching on any appliance accessible to untrusted local users or shared administrative accounts.
Improper access control in the RBAC implementation of Dell PowerProtect Data Domain allows a low-privileged authenticated remote attacker to tamper with information beyond their authorized role scope. Affected releases span the main 7.7.1.0-8.6 line and three LTS tracks covering LTS2024, LTS2025, and LTS2026. No public exploit code has been identified and exploitation has not been confirmed by CISA KEV, placing this as a medium-priority issue requiring patch scheduling rather than emergency response.
OS command injection in Dell PowerProtect Data Domain across four version release trains allows a high-privileged remote attacker to execute arbitrary operating system commands on the appliance. Affected products span mainline versions 7.7.1.0 through 8.7 and three LTS branches, confirmed by Dell Security Advisory DSA-2026-278. No public exploit identified at time of analysis and the CVE is absent from CISA KEV; however, the high integrity and availability impact (I:H/A:H) on a backup appliance makes patching urgent for environments where backup infrastructure is shared or admin credentials are broadly distributed.
Format string exploitation in Dell PowerProtect Data Domain enables remote high-privileged attackers to disclose memory contents and crash the service across multiple concurrent release trains. Affected versions span the mainline (7.7.1.0-8.7), LTS2026 (8.6.1.0-8.6.1.10), LTS2025 (8.3.1.0-8.3.1.30), and LTS2024 (7.13.1.0-7.13.1.70) branches, creating broad organizational exposure for enterprises running any supported Data Domain release. No public exploit or confirmed active exploitation has been identified at time of analysis; the mandatory high-privilege prerequisite substantially constrains the realistic attacker pool.
Dell PowerProtect Data Domain's handling of a less-trusted data source allows a remote, high-privileged attacker to perform limited information tampering, classified under CWE-348. Affected are multiple release trains spanning versions 7.7.1.0 through 8.7, including LTS2024, LTS2025, and LTS2026 long-term support branches. With a CVSS base score of 2.7 (Low) and no confirmed active exploitation or public proof-of-concept, real-world impact is constrained by the high privilege requirement and the limited integrity-only scope of the vulnerability.
Path traversal in Dell PowerProtect Data Domain allows a locally authenticated high-privileged attacker to read files outside restricted directories, resulting in information disclosure. Affected deployments span multiple release trains - standard releases 7.7.1.0 through 8.6, LTS2026 8.6.1.0-8.6.1.10, LTS2025 8.3.1.0-8.3.1.30, and LTS2024 7.13.1.0-7.13.1.70. No public exploit identified at time of analysis; the low CVSS score of 2.3 correctly reflects the high privilege and local access prerequisites that substantially constrain real-world exploitation scope.
Incorrect permission assignment on a critical resource in Dell PowerProtect Data Domain exposes sensitive data to high-privileged local attackers across a broad range of supported release trains. The flaw (CWE-732) means a resource - likely a file, directory, or configuration object - carries overly permissive access controls, allowing a local attacker operating with elevated privileges to read data they are not authorized to access. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog, but the breadth of affected versions (seven release trains spanning 2024-2026 LTS and mainline builds) increases aggregate exposure across enterprise backup environments.
Link-following exploitation in Dell PowerProtect Data Domain enables a high-privileged local attacker to read files outside their intended access scope by manipulating symbolic or hard links before file access operations resolve. Affected across multiple release trains - mainline 7.7.1.0 through 8.6, LTS2026 8.6.1.10 and below, LTS2025 8.3.1.30 and below, and LTS2024 7.13.1.70 and below. No public exploit code or active exploitation confirmed at time of analysis; risk is bounded by the requirement for pre-existing high-privilege local access.
Physical-access authentication bypass in Dell Client Platform BIOS (CWE-305) affects a sweeping range of Dell consumer, gaming, and enterprise platforms - including Inspiron, Alienware, Latitude, OptiPlex, and Precision lines. An unauthenticated attacker with physical access and the ability to meet high-complexity attack conditions can bypass the primary BIOS authentication mechanism, resulting in information disclosure and, per the CVSS integrity metric (I:H), potential high-integrity impact. Notably, the declared impact in the description is limited to 'Information Disclosure' while the supplied CVSS vector assigns I:H, a discrepancy that warrants clarification from Dell's advisory DSA-2026-195. No public exploit has been identified and this vulnerability is not listed in the CISA KEV catalog.
Local privilege escalation in Dell Device Management Agent (DDMA) versions prior to 26.05 allows an already-authenticated, low-privileged user on the host to elevate to full system-level control by abusing insecure symbolic/hard link resolution (CWE-59) during file operations. Dell has released a fix in DDMA 26.05. There is no public exploit identified at time of analysis and EPSS estimates exploitation probability at only 0.12% (3rd percentile), but the SSVC technical impact is rated 'total', reflecting the complete compromise achievable once a foothold exists.
OS command injection in Dell Container Storage Modules (CSM) version 2.16.0 - spanning the csi-powerstore, csi-unity, csi-powerflex, and csi-powermax CSI drivers - lets a remote, high-privileged attacker inject and execute arbitrary operating-system commands (CWE-78). Successful exploitation yields full confidentiality, integrity, and availability impact with a scope change, meaning command execution can reach beyond the vulnerable component into the surrounding host or cluster. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the CVSS 3.1 base score is 8.0 (High).
OS command injection in Dell Display and Peripheral Manager (DDPM) for macOS, all versions prior to 2.3, allows a low-privileged local user to inject and execute arbitrary operating-system commands through improperly neutralized special elements (CWE-78). Because the affected component is a privileged peripheral-management utility, successful injection can yield command execution with full impact to confidentiality, integrity, and availability. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, so risk is currently theoretical but high-impact for systems with this Dell utility installed.
Protection mechanism bypass in Dell Display and Peripheral Manager for Mac (versions prior to 2.3) stems from improper certificate validation, allowing a low-privileged local user to defeat a security control the application relies on. Dell self-reported the issue and there is no public exploit identified at time of analysis; EPSS is very low (0.07%) and CISA SSVC marks exploitation status as 'none', though technical impact is rated 'total'. The flaw affects the macOS build of DDPM, a companion utility for Dell monitors and peripherals.
Local privilege escalation in Dell Display and Peripheral Manager (DDPM) for Mac, versions prior to 2.3, lets a low-privileged local user win a race condition (CWE-362) to gain elevated privileges. The flaw stems from improper synchronization around a shared resource, and successful exploitation yields full compromise of confidentiality, integrity, and availability on the host. No public exploit identified at time of analysis, and EPSS is negligible (0.07%); CISA SSVC marks exploitation as none but technical impact as total.
Remote code execution affects Dell Wyse Management Suite in all versions prior to WMS 5.5 HF1, stemming from the application's acceptance of extraneous untrusted data alongside trusted data (CWE-349). Per the provided CVSS vector (PR:N), a remote unauthenticated attacker could potentially achieve full code execution against the management server, though the Dell description text characterizes the actor as 'low privileged' - a discrepancy worth verifying. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Remote code execution in Dell Wyse Management Suite (versions prior to WMS 5.5 HF1) is reachable through a path traversal flaw (CWE-22) that lets an authenticated, high-privileged remote attacker access or write files outside the intended directory and ultimately execute arbitrary code on the management server. The CVSS 3.1 base score is 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), reflecting full confidentiality, integrity, and availability impact gated by a high-privilege requirement. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.
Local privilege escalation to code execution affects Dell Display and Peripheral Manager (DDPM) for Windows in all versions prior to 2.3, where an Improper Access Control flaw (CWE-284) lets a low-privileged local user execute arbitrary code in a higher-privileged context. The CVSS 3.1 base score is 7.8 (High), reflecting full confidentiality, integrity, and availability impact from a local, low-privilege starting point with no user interaction. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Unbounded string concatenation in the Linux kernel's Dell WMI BIOS interface driver (dell-wmi-sysman) allows a local low-privileged attacker on Dell hardware to crash the kernel. The populate_enum_data() function bounds each individual firmware-provided string but applies no remaining-space check during cumulative strcat() calls into fixed 512-byte struct members, enabling a buffer overflow that results in complete system availability loss. With an EPSS of 0.17% (7th percentile), no public exploit code, and no CISA KEV listing, this is a low-likelihood but straightforward local denial-of-service on Dell platforms running unpatched kernel versions.
Authenticated SQL injection (CWE-89) in Dell Wyse Management Suite (WMS) before version 2605 lets a low-privileged remote user inject crafted SQL into application queries, yielding unauthorized read/write access to the management database with high impact to confidentiality, integrity, and availability. Tracked as EUVD-2026-38345 and disclosed by Dell in advisory DSA-2026-247, it carries CVSS 3.1 8.8 but has no public exploit identified at time of analysis and a low EPSS of 0.24% (15th percentile), with CISA SSVC reporting no known exploitation.
SQL injection in Dell Wyse Management Suite (WMS) versions prior to 2605 allows authenticated low-privileged remote attackers to manipulate backend database queries, leading to unauthorized data access and potential integrity or availability impact. The CVSS 8.8 rating reflects high impact across confidentiality, integrity, and availability under low attack complexity, though no public exploit identified at time of analysis. The flaw is tagged with 'Authentication Bypass' implications, suggesting the SQLi could be leveraged to escalate beyond the attacker's initial low-privilege context.
Dell Wyse Management Suite (WMS) versions prior to 2605 ships with default credentials, enabling a high-privileged local attacker to authenticate using those credentials and access sensitive information. Reported by Dell under DSA-2026-247, the flaw is classified under CWE-1392 (Use of Default Credentials) and carries a CVSS 3.1 base score of 6.0, reflecting local-only attack surface constrained by the requirement for high privilege. No public exploit code or CISA KEV listing has been identified at time of analysis.
Local privilege-bound symlink abuse in Dell Wyse Management Suite (WMS) versions prior to 2605 allows a low-privileged local user to gain unauthorized access to files or resources they should not reach. The flaw is rooted in improper link resolution before file access (CWE-59), and while no public exploit has been identified at time of analysis, the CVSS 7.8 score reflects full confidentiality, integrity, and availability impact once the local prerequisite is met.
Local privilege escalation in Dell Server Hardware Manager versions prior to 3.2.2 allows a low-privileged local user to gain higher privileges due to improper access control (CWE-284). The CVSS 7.8 (AV:L/AC:L/PR:L/UI:N) reflects high impact across confidentiality, integrity, and availability once exploited. No public exploit identified at time of analysis and the CVE is not in CISA KEV.
Local privilege escalation in Dell AIOps Collector versions prior to 1.18.3 allows a low-privileged attacker with console access to obtain filesystem-level access by abusing default credentials shipped with fresh installations. The flaw only affects systems freshly installed at an earlier version; upgraded hosts are not impacted. No public exploit identified at time of analysis, and the issue is not on CISA KEV.
Host Header Injection in Dell PowerFlex Rack RCM 3.7 enables unauthenticated remote attackers to trigger open redirects by supplying a forged HTTP Host header, potentially redirecting victim users to attacker-controlled sites for phishing or credential harvesting. The CVSS 4.3 Medium score reflects the requirement for user interaction (UI:R) and limited confidentiality impact, with no integrity or availability consequence. No public exploit code has been identified at time of analysis, and the vulnerability has no CISA KEV listing.
SQL injection in Dell PowerFlex Manager allows a low-privileged attacker with adjacent-network access to inject SQL commands that the application processes against its backend database, leading to script injection and potential compromise of confidentiality, integrity, and availability. The flaw is reported by Dell with no public exploit identified at time of analysis, and EPSS exploitation probability is low (0.19%, 9th percentile).
SQL injection in Dell PowerFlex Manager exposes database contents to low-privileged adjacent-network attackers via insufficiently sanitized SQL command input. The vulnerability requires both network adjacency and existing low-level credentials, limiting its reach considerably from an opportunistic threat standpoint. No active exploitation has been confirmed by CISA KEV, and no public exploit code is known at time of analysis; the CVSS score of 3.5 (Low) reflects the constrained attack surface.
Improper access control in Dell PowerFlex Manager allows a low-privileged remote attacker to trigger a denial-of-service condition and tamper with integrity-sensitive operations against the software-defined storage management plane. Dell disclosed the issue in advisory DSA-2026-066, and at the time of analysis no public exploit has been identified and the CVE is not on the CISA KEV list.
Privilege escalation in Dell PowerFlex Manager allows a low-privileged attacker on an adjacent network segment to bypass access controls and gain unauthorized elevated access to the management plane. The CVSS 8.0 (High) score reflects significant confidentiality, integrity, and availability impact, though there is no public exploit identified at time of analysis and EPSS rates exploitation probability at only 0.13% (3rd percentile). CISA SSVC classifies exploitation as 'none' with non-automatable attack characteristics, indicating no observed real-world abuse despite the meaningful technical severity.
Dell PowerFlex Manager's improper access control (CWE-284) permits a remote, low-privileged attacker to cause a denial of service condition against the management platform. The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms the attack is network-reachable with minimal complexity once credentials are obtained, and is limited in scope to availability degradation (A:L). No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
Missing authentication on a critical function in Dell PowerFlex Manager allows an adjacent-network attacker to invoke privileged operations without credentials, yielding code execution, denial of service, information disclosure, tampering, and unauthorized access. No public exploit identified at time of analysis, and the affected version range was not populated in the source advisory placeholder. Dell self-reported the issue under DSA-2026-066.
Authentication bypass in Dell PowerFlex Manager allows an unauthenticated attacker with adjacent-network access to gain unauthorized access to the management plane, with high impact to integrity and availability of the software-defined storage fabric. Dell's DSA-2026-066 advisory addresses this and other PowerFlex flaws; no public exploit identified at time of analysis and the issue is not listed in CISA KEV. Affected version range is not enumerated in the public record, which constrains accurate exposure scoping.
Improper authentication in Dell PowerFlex Manager allows unauthenticated attackers with adjacent network access to bypass authentication controls, resulting in information disclosure, data tampering, and unauthorized access to managed storage infrastructure. The vulnerability carries a CVSS 8.1 rating reflecting high confidentiality and integrity impact, though no public exploit identified at time of analysis and EPSS scores it at 0.19% probability. SSVC scoring from CISA indicates no observed exploitation and partial technical impact.
Information disclosure in Dell PowerFlex Manager versions prior to 4.8 stems from inclusion of functionality from an untrusted control sphere (CWE-829), allowing remote attackers to obtain sensitive data when a user is enticed into interacting with attacker-controlled content. Dell rates the issue at CVSS 7.5 with high attack complexity and required user interaction, and no public exploit identified at time of analysis.
Broken or risky cryptographic algorithm use in Dell PowerFlex Manager 4.6.0.1 exposes network-accessible infrastructure management communications to potential interception and modification. Remote unauthenticated attackers who achieve the requisite network positioning - consistent with the CVSS AC:H rating - could exploit weak or deprecated cryptographic primitives to partially disclose sensitive management data (C:L) or tamper with communications in transit (I:L). Dell has published advisory DSA-2026-066 under the multi-CVE release DSA-2026-066; no public exploit code and no active exploitation (CISA KEV absent) have been identified at time of analysis.
Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.
Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. Rated medium severity (CVSS 6.7).
Dell Peripheral Manager, versions prior to 1.7.3, contain an uncontrolled search path element vulnerability. Rated medium severity (CVSS 6.7).
Weak password encoding in Dell Client Platform BIOS (CWE-261) exposes BIOS credentials to recovery by a physically present unauthenticated attacker, enabling privilege escalation through unauthorized BIOS access. Affected hardware spans ruggedized Latitude field devices, Precision workstation towers and racks, and Edge/Embedded Gateway platforms - product categories frequently deployed in physically accessible or unattended environments. No public exploit code exists and no active exploitation has been identified at time of analysis, but the combination of credential recoverability and high-confidentiality/high-integrity CVSS impact makes patching a priority for organizations managing assets in low-physical-security locations.
Arbitrary file write in Dell/Alienware Purchased Apps versions prior to 1.1.32.0 is achievable by a low-privileged local attacker through a link-following (CWE-59) flaw, enabling overwrite of files at elevated privilege levels and resulting in high integrity and availability impact. The CVSS vector (AV:L/AC:H/PR:L) confirms local access with high attack complexity is required, suggesting exploitation likely involves a race condition or carefully staged symlink placement. No active exploitation is confirmed (not in CISA KEV), and a vendor-released patch is available at version 1.1.32.0.
Arbitrary file write in Dell Inventory Collector Client versions prior to 13.8.0 allows a low-privileged local attacker to overwrite files outside the intended write path by exploiting improper symbolic or hard link resolution. The vulnerability (CWE-1386) arises when the client resolves a link to an unintended target before performing a file access operation, enabling an attacker to redirect writes to attacker-controlled locations. No public exploit has been identified at time of analysis and CISA KEV confirmation is absent, but the high integrity and availability impact (CVSS I:H/A:H) means successful exploitation could corrupt system files or cause denial of service.
Link-following (symlink attack) in Dell iDRAC Tools versions prior to 11.4.1.0 allows a low-privileged local attacker to redirect file operations to unintended targets, resulting in unauthorized modification of files (high integrity impact) and potential availability disruption. Exploitation requires both low-level local access and user interaction, placing this in a constrained attack surface. No public exploit code and no CISA KEV listing have been identified at time of analysis, and no EPSS score was supplied in source data.
Denial of service in Dell BSAFE SSL-J allows unauthenticated remote attackers to exhaust resources on systems using the cryptographic library, rendering affected services unavailable. The flaw stems from CWE-770 (allocation of resources without limits or throttling) and carries a CVSS 7.5 score reflecting network-reachable, no-privilege exploitation with high availability impact. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Denial of service in FreeIPMI versions before 1.16.18 allows remote attackers to crash the ipmi-oem client by sending malformed IPMI response messages that trigger stack-based buffer overflows in the 'dell get-active-directory-config' and 'fujitsu get-sel-entry-long-text' subcommands. The flaw is client-side: a victim must invoke the affected subcommand against an attacker-controlled or compromised IPMI endpoint. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Local privilege escalation in Dell ThinOS 10 versions prior to ThinOS10 2602_10.0765 allows a low-privileged user with local access to elevate to higher privileges due to improper access control (CWE-284). The CVSS 3.1 base score of 7.8 reflects high impact on confidentiality, integrity, and availability, though exploitation requires existing local foothold. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Physical access to Dell ThinOS 10 endpoints running versions prior to ThinOS10 2602_10.0765 allows an unauthenticated attacker to bypass access controls, exposing sensitive information with high confidentiality and integrity impact. The flaw, rooted in CWE-284 (Improper Access Control), enables circumvention of authentication or authorization mechanisms at the device level without requiring prior credentials. No active exploitation has been confirmed (not in CISA KEV) and no public exploit has been identified; Dell has released a patched build addressing this issue.
Denial of service in the Linux kernel Ceph client allows local users with access to a Ceph-mounted filesystem to trigger d_hash list corruption and RCU stalls by inducing path lookups against reused cached negative dentries. The flaw stems from fs/ceph/dir.c calling d_add(dentry, NULL) on already-hashed negative dentries, creating self-loops in the hlist_bl bucket that cause __d_lookup() to spin indefinitely. EPSS is 0.02% (5th percentile) and no public exploit identified at time of analysis, but the bug has been reproduced organically in production (RCU stall on a Dell PowerEdge R7615 running 6.18.17).
Use-after-free in the Linux kernel bonding driver's Adaptive Load Balancing (ALB) subsystem allows a local low-privileged user to crash the kernel by racing rlb_arp_recv() against rlb_deinitialize() during rapid bond interface up/down cycling. Specifically, the RX handler continues to dereference rx_hashtbl entries after rlb_deinitialize() frees them, because recv_probe is set to NULL without first draining in-flight softirq handlers via synchronize_net(). Systems running bonded NICs in ALB mode (mode=6) on affected kernel versions - including Dell PowerEdge hardware and Canonical-distributed kernels - are at risk of kernel panic. No public exploit identified at time of analysis, and EPSS at 0.02% (7th percentile) confirms no observed mass exploitation.
Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains an authorization bypass vulnerability in the Unisphere for VMAX application running in vApp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management (IAM) module. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.
Dell PowerFlex Manager versions 4.6.2 and earlier improperly store sensitive information in a manner accessible to low-privileged local users, resulting in unauthorized disclosure of confidential data with high confidentiality impact per CVSS. Affected deployments span both the Appliance and Rack form factors of the platform. No public exploit code has been identified at time of analysis and CISA KEV does not list this vulnerability, though the CWE-922 root cause and the 'Authentication Bypass' tag suggest the exposed data may include credentials or tokens that could enable downstream privilege escalation or lateral movement.
Broken or risky cryptographic algorithm use in Dell PowerFlex Manager's SSH component (versions ≤4.6.2) allows a locally authenticated low-privileged attacker to bypass SSH protection mechanisms, affecting both Appliance and Rack form factors. The CVSS vector (AV:L/AC:H/PR:L) reflects significant exploitation barriers: physical or logical local access is required, attack complexity is high, and impact is limited to partial confidentiality and integrity loss with no availability impact. Dell has published dual advisories (DSA-2025-434 for Appliance, DSA-2025-435 for Rack); no public exploit or CISA KEV listing exists at time of analysis.
Open redirect vulnerability in Dell PowerFlex Manager 4.6.2 and prior enables unauthenticated remote attackers to craft malicious application URLs that silently redirect targeted users to arbitrary attacker-controlled web destinations. Exploitation requires user interaction (CVSS UI:R) - a victim must follow a specially crafted link - but no authentication or special privileges are needed on the attacker's side. The primary risk is phishing: because the initial URL appears to point at a legitimate Dell infrastructure management portal, users are more likely to trust and follow it, making credential theft or sensitive data disclosure against PowerFlex administrators a realistic outcome. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog at time of analysis.
Improper certificate validation in Dell PowerFlex Manager version 4.6.2 and earlier allows an unauthenticated attacker on an adjacent network to intercept and tamper with protected communications. The flaw (CWE-295) means the product fails to adequately verify peer certificates during TLS/SSL exchanges, enabling a man-in-the-middle position to read or modify in-transit management data. No active exploitation is confirmed (not listed in CISA KEV), and no public exploit code has been identified at time of analysis.
Insecure storage of sensitive information in Dell PowerFlex Manager versions up to and including 4.6.2 exposes credentials, keys, or configuration secrets to any attacker with local OS-level access to the appliance - no PowerFlex Manager authentication required. The CVSS vector (AV:L/AC:L/PR:N/UI:N) confirms the attacker needs only local system access, not application credentials, to retrieve the improperly protected data. No public exploit identified at time of analysis and no CISA KEV listing; however, the 'Authentication Bypass' tag in the intelligence data suggests the exposed sensitive material may itself enable downstream privilege escalation or authentication bypass against PowerFlex or its managed infrastructure.
Incorrect Privilege Assignment in Dell PowerFlex Manager version 4.6.2 and earlier (both Appliance and Rack form factors) allows a low-privileged local attacker to escalate their privileges, impacting confidentiality, integrity, and availability at a low level each (CVSS 5.3 Medium, CWE-266). Dell has published dual advisories (DSA-2025-434 and DSA-2025-435) addressing the Appliance and Rack variants respectively. No public exploit code and no active exploitation have been identified at time of analysis.
Directory listing exposure in Dell PowerFlex Manager versions 4.6.2 and earlier allows an attacker to enumerate directory contents, potentially revealing sensitive files, configuration data, or internal path structures. Both the Appliance and Rack deployment forms are confirmed affected per Dell advisories DSA-2025-434 and DSA-2025-435. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog, but the combination of Information Disclosure and Privilege Escalation tags suggests the exposed directory contents may facilitate further privilege escalation beyond initial information leakage.
Information disclosure in Dell PowerFlex Manager (Appliance, Rack, and core Manager) versions 4.6.2 and earlier allows unauthenticated remote attackers to enumerate server contents through exposed directory listings. The flaw carries a CVSS 7.5 (high) rating driven entirely by confidentiality impact and requires no privileges or user interaction, though no public exploit identified at time of analysis and the issue is not on CISA KEV.
Command injection in Dell SmartFabric Storage Software versions prior to 1.4.5 enables a high-privileged local attacker to gain unauthorized read and write access to the underlying filesystem. Exploitation requires local system presence and high-level privileges, with the CVSS vector (AV:L/AC:H/PR:H) indicating a constrained threat surface despite the high confidentiality, integrity, and availability impact scores. No public exploit identified at time of analysis, and this vulnerability is not listed in CISA KEV.
An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to escalate privileges to Administrator. During installation, the software writes the file CCFLFamily_07Feb11.edr to C:\ProgramData\Portrait Displays\CW\data\i1D3\ while running with elevated privileges. Because the installer does not properly validate symbolic links or reparse points at the destination path, an attacker can create a malicious link that redirects the write operation to an arbitrary system location, enabling arbitrary file creation or overwrite with elevated privileges.
Improper SSL/TLS certificate validation in Dell Live Optics Windows and Personal Edition collectors allows remote attackers to intercept and modify data transmitted by the collector. The vulnerability requires network positioning (man-in-the-middle) and user interaction, making exploitation moderately complex but enabling complete compromise of data confidentiality and integrity for collector communications. Dell has released patches in version 27.1.10.1 to address the certificate validation flaw.
Unauthorized access in Dell ThinOS 10 (versions prior to 2605_10.2100) stems from an obsolete UI feature (CWE-448) that a low-privileged local attacker can abuse to bypass authentication controls. With valid low-level local access to the thin-client, an attacker can leverage the leftover interface path to reach functionality or data they should not have, yielding high confidentiality, integrity, and availability impact per the CVSS 7.8 (High) rating. No public exploit identified at time of analysis; the flaw was reported by Dell and disclosed in advisory DSA-2026-300.
Protection mechanism failure in Dell ThinOS 10 (versions prior to 2605_10.2100) allows an unauthenticated attacker with physical device access to bypass encryption controls and gain unauthorized read and write access to data stored on the thin client. The flaw, classified as CWE-693, indicates the encryption or authentication protection subsystem can be circumvented without any credentials, consistent with the Authentication Bypass tag and CVSS PR:N rating. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog, though the physical access constraint limits but does not eliminate risk in environments with unattended or theft-prone thin clients.
Local information disclosure in Dell PowerScale OneFS (9.5.0.0-9.10.1.7 and 9.11.0.0-9.13.0.2) arises from sensitive data being written to log files, allowing a low-privileged local user to read secrets they should not access. Dell reported the issue (advisory DSA-2026-261) with no public exploit identified at time of analysis. Exploitation requires existing local, authenticated access to the cluster, limiting reach to insiders or attackers who have already established a foothold.
Elevation of privileges in Dell PowerScale OneFS versions 9.5.0.0-9.10.1.7 and 9.11.0.0-9.13.0.2 allows a high-privileged local attacker to escalate beyond their authorized access level due to improper privilege management (CWE-269). While the CVSS 3.1 base score of 6.7 reflects the local access and high-privilege prerequisites that constrain exploitability, the full C:H/I:H/A:H impact triad signals complete system compromise upon successful exploitation - a serious outcome for enterprise NAS infrastructure that frequently stores sensitive organizational data. No public exploit code or CISA KEV listing has been identified at time of analysis.
Unauthorized file disclosure in Dell Unisphere for PowerMax 10.3.0.5 and prior is achievable by a remote low-privileged attacker via an XML External Entity (XXE) injection flaw (CWE-611). By submitting crafted XML containing external entity declarations to a vulnerable parsing endpoint, an authenticated attacker can cause the server to read and return sensitive local files or initiate server-side requests, resulting in High confidentiality impact. No public exploit code or CISA KEV listing has been identified at time of analysis; however, Dell has issued advisory DSA-2026-272 covering this and related vulnerabilities across the PowerMax product family.
Remote command execution in Dell Unisphere for PowerMax versions 10.3.0.5 and prior allows a low-privileged authenticated user to run arbitrary OS commands with root privileges by abusing unsafe deserialization of untrusted data (CWE-502). Because the CVSS vector is AV:N/AC:L/PR:L, any account with minimal access on the management interface can escalate to full root control of the storage-management appliance. There is no public exploit identified at time of analysis and the CVE is not in CISA KEV, but the low attack complexity and full CIA impact make it a high-priority patch for storage administrators.
SQL injection in Dell PowerFlex Manager prior to version 5.1.0.1 allows a remote, low-privileged authenticated attacker to inject crafted SQL commands through the management interface, resulting in information disclosure and unauthorized access to data beyond the attacker's authorized scope. Rated CVSS 8.5 with a scope-changed vector, the flaw is reported by Dell (DSA-2026-066) and carries confidentiality impact; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
SQL injection in Dell PowerFlex Manager before 5.1.0.1 lets a low-privileged, remotely authenticated user inject crafted SQL into a backend query, resulting in unauthorized reading of database contents (information exposure). The flaw is fixed in 5.1.0.1 per Dell advisory DSA-2026-066, and there is no public exploit identified at time of analysis. Because exploitation requires a valid low-privilege account, the practical risk is highest in multi-tenant or broadly-provisioned management deployments rather than internet-facing unauthenticated exposure.
Root-level OS command execution in Dell PowerFlex Manager (versions prior to 5.1.0.1) lets a remote, high-privileged attacker inject operating-system commands during OS Repository processing, resulting in full appliance compromise. Because PowerFlex Manager orchestrates storage and HCI infrastructure, code execution as root also enables lateral movement into managed nodes. There is no public exploit identified at time of analysis, and Dell has released a fixed build (5.1.0.1) via advisory DSA-2026-066.
Path traversal in Dell Unisphere for PowerMax 10.3.0.5 and prior exposes arbitrary files on the underlying server to remote attackers holding low-privileged credentials. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) confirms high confidentiality impact with no integrity or availability consequence, consistent with a read-only directory traversal flaw. No public exploit code has been identified and this vulnerability is not listed in CISA KEV at time of analysis, though the low attack complexity raises concern for rapid weaponization if credentials are compromised.
Improper authorization enforcement in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.6, plus LTS branches 8.6.1.0-8.6.1.10, 8.3.1.0-8.3.1.30, and 7.13.1.0-7.13.1.70) allows a low-privileged, remote authenticated attacker to reach resources or actions beyond their assigned role, resulting in unauthorized access. Rated CVSS 8.8 (High) with high confidentiality, integrity, and availability impact and low attack complexity. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the low barrier to exploitation for any existing account makes this a meaningful escalation risk on these backup appliances.
Denial of service in Dell PowerProtect Data Domain (DDOS versions 7.7.1.0 through 8.7, plus LTS2026 8.6.1.0-8.6.1.10, LTS2025 8.3.1.0-8.3.1.30, and LTS2024 7.13.1.0-7.13.1.70) allows a remote, unauthenticated attacker to crash or hang the appliance by triggering an integer overflow (CWE-190). Per the CVSS vector (PR:N/UI:N), no authentication or user interaction is required, and the impact is confined to availability (C:N/I:N/A:H) - no data disclosure or code execution. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV; EPSS was not provided.
Unauthorized file modification in Dell PowerProtect Data Domain allows a high-privileged remote attacker to write files outside the intended restricted directory via path traversal. Affected across multiple release trains spanning versions 7.7.1.0 through 8.7, including LTS2024, LTS2025, and LTS2026 branches. Dell has published advisory DSA-2026-278 addressing this flaw; no public exploit code or active exploitation has been identified at time of analysis.
Stored cross-site scripting in Dell PowerProtect Data Domain (DD OS 7.7.1.0 through 8.7, plus the LTS2026 8.6.1.x, LTS2025 8.3.1.x, and LTS2024 7.13.1.x branches) lets a remote attacker persist malicious script in the appliance management interface that executes in other users' browser sessions. Because the flaw is reachable without authentication and the injected payload runs in the victim's authenticated context, an attacker can achieve information disclosure, session/token theft, and client-side request forgery against operators of the backup appliance. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; Dell has published advisory DSA-2026-278.
OS command injection in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus the LTS2026, LTS2025, and LTS2024 branches) lets an already-authenticated, high-privileged remote user break out of the appliance's restricted management context and run arbitrary commands as root. Dell rates it Critical because the flaw defeats the platform's protection mechanism and yields full root-level code execution on the backup appliance. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Dell explicitly urges customers to upgrade at the earliest opportunity.
Path traversal leading to full system compromise affects Dell PowerProtect Data Domain (DD OS) versions 7.7.1.0 through 8.7, plus the LTS2026 (8.6.1.0-8.6.1.10), LTS2025 (8.3.1.0-8.3.1.30), and LTS2024 (7.13.1.0-7.13.1.70) branches. Per the CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N), an unauthenticated remote attacker can traverse outside the intended directory to gain unauthorized access and, according to Dell, take complete control of the system. Dell rates this critical (9.8) and its tags note an authentication-bypass characteristic; no public exploit identified at time of analysis and it is not currently in CISA KEV.
Improper authentication in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus the LTS2026, LTS2025, and LTS2024 branches) lets an unauthenticated, remote attacker bypass authentication and gain unauthorized access that Dell says can escalate to complete system control. Dell rates it critical (CVSS 9.8, CWE-287). No public exploit identified at time of analysis, and it is not listed in CISA KEV, but the network-facing, no-privilege attack profile makes it a high-priority patch for backup/data-protection infrastructure.
OS command injection in Dell PowerProtect Data Domain across four supported release tracks allows a high-privileged local attacker to execute arbitrary operating system commands. Affected versions span the main release line (7.7.1.0-8.7) as well as LTS2024, LTS2025, and LTS2026 branch releases. No public exploit code or active exploitation has been identified at time of analysis; the local access and high-privilege prerequisites substantially constrain the realistic attack surface despite the full C/I/A impact scores.
Arbitrary OS command execution in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus the LTS2026, LTS2025 and LTS2024 branches) lets a high-privileged, remotely-authenticated attacker run operating-system commands on the backup appliance by injecting special characters into an OS command context. The flaw was reported by Dell and is addressed in advisory DSA-2026-278; no public exploit identified at time of analysis and it is not listed in CISA KEV. Because it grants full command execution on a data-protection appliance, successful exploitation can compromise the confidentiality, integrity and availability of backup data.
OS command injection in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus the LTS2026, LTS2025, and LTS2024 maintenance branches) lets an authenticated high-privileged remote attacker execute arbitrary operating-system commands on the appliance via improperly neutralized special characters (CWE-78). Because the attacker already holds elevated privileges, the flaw functions as a privilege-boundary and integrity break - turning administrative access into full underlying-OS command execution with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; it was reported by Dell and fixed in advisory DSA-2026-278.
Authenticated OS command injection in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus LTS2026 8.6.1.0-8.6.1.10, LTS2025 8.3.1.0-8.3.1.30, and LTS2024 7.13.1.0-7.13.1.70) lets a high-privileged remote attacker inject arbitrary operating-system commands and execute them on the appliance. Successful exploitation yields full confidentiality, integrity, and availability impact (CVSS 7.2), effectively giving an authenticated administrator command execution on the underlying OS of a backup/data-protection system. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Integer overflow in Dell PowerProtect Data Domain across multiple release trains (main, LTS2024, LTS2025, LTS2026) exposes backup and data protection infrastructure to remote denial of service by an unauthenticated attacker. The CVSS vector (AV:N/AC:H/PR:N) confirms network-accessible, unauthenticated exploitation, though high attack complexity constrains practical exploitation to adversaries who can satisfy specific preconditions. No public exploit has been identified at time of analysis, and the vulnerability has not been added to the CISA Known Exploited Vulnerabilities catalog.
Symlink-following vulnerability in Dell PowerProtect Data Domain allows a high-privileged remote attacker to traverse outside intended file paths and read arbitrary files, resulting in information disclosure. Multiple version branches are affected, including the current mainstream 8.7 release, LTS2026 builds through 8.6.1.10, LTS2025 builds through 8.3.1.30, and LTS2024 builds through 7.13.1.70. Dell published advisory DSA-2026-278 addressing this issue; no public exploit code or active exploitation has been identified at time of analysis.
Information exposure in Dell PowerProtect Data Domain across multiple release tracks allows a low-privileged local attacker to read sensitive residual data via an uninitialized memory resource (CWE-908). The flaw spans the mainline 7.7.1.0-8.7 branch and three LTS tracks (LTS2024, LTS2025, LTS2026), confirmed by Dell via advisory DSA-2026-278. No public exploit code exists and no active exploitation has been identified; the CVSS 3.3 score and local-only attack vector place this firmly in the low-severity tier.
OS command injection in Dell PowerProtect Data Domain enables a high-privileged local attacker to execute arbitrary operating system commands on the backup appliance, achieving full command execution within the Data Domain OS (DDOS). The flaw spans the general release track (7.7.1.0-8.6) and three LTS streams (LTS2024, LTS2025, LTS2026), indicating a shared vulnerable code path across a wide version surface. No public exploit code or CISA KEV listing exists at time of analysis, and the PR:H/AV:L prerequisites meaningfully constrain real-world risk to insider threats or post-compromise scenarios.
Incorrect authorization in Dell PowerProtect Data Domain permits a high-privileged local attacker to execute commands outside their authorized scope across a broad span of affected versions covering the main release line and all three active LTS branches. The root cause (CWE-863) indicates the appliance's Data Domain OS fails to enforce authorization boundaries correctly for certain operations accessible to already-elevated users, enabling privilege escalation within an authenticated administrative session. No public exploit code or active exploitation is confirmed at time of analysis; the CVSS 4.2 Medium score accurately reflects the significant access prerequisites - local presence plus high-level credentials - required to trigger the flaw.
Dell PowerProtect Data Domain exposes sensitive file content to high-privileged local attackers through a symlink-following flaw (CWE-59), where the application fails to validate link targets before file access. Affected versions span multiple release trains including the current 8.x mainline and LTS branches. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
Sensitive information disclosure in Dell PowerProtect Data Domain exposes credentials or configuration data to local low-privileged attackers via insufficiently protected log files. Affected are multiple release trains spanning versions 7.7.1.0 through 8.7, with specific LTS branches also impacted. No public exploit code or active exploitation has been identified at time of analysis, but the high confidentiality impact (C:H) warrants prompt patching on any appliance accessible to untrusted local users or shared administrative accounts.
Improper access control in the RBAC implementation of Dell PowerProtect Data Domain allows a low-privileged authenticated remote attacker to tamper with information beyond their authorized role scope. Affected releases span the main 7.7.1.0-8.6 line and three LTS tracks covering LTS2024, LTS2025, and LTS2026. No public exploit code has been identified and exploitation has not been confirmed by CISA KEV, placing this as a medium-priority issue requiring patch scheduling rather than emergency response.
OS command injection in Dell PowerProtect Data Domain across four version release trains allows a high-privileged remote attacker to execute arbitrary operating system commands on the appliance. Affected products span mainline versions 7.7.1.0 through 8.7 and three LTS branches, confirmed by Dell Security Advisory DSA-2026-278. No public exploit identified at time of analysis and the CVE is absent from CISA KEV; however, the high integrity and availability impact (I:H/A:H) on a backup appliance makes patching urgent for environments where backup infrastructure is shared or admin credentials are broadly distributed.
Format string exploitation in Dell PowerProtect Data Domain enables remote high-privileged attackers to disclose memory contents and crash the service across multiple concurrent release trains. Affected versions span the mainline (7.7.1.0-8.7), LTS2026 (8.6.1.0-8.6.1.10), LTS2025 (8.3.1.0-8.3.1.30), and LTS2024 (7.13.1.0-7.13.1.70) branches, creating broad organizational exposure for enterprises running any supported Data Domain release. No public exploit or confirmed active exploitation has been identified at time of analysis; the mandatory high-privilege prerequisite substantially constrains the realistic attacker pool.
Dell PowerProtect Data Domain's handling of a less-trusted data source allows a remote, high-privileged attacker to perform limited information tampering, classified under CWE-348. Affected are multiple release trains spanning versions 7.7.1.0 through 8.7, including LTS2024, LTS2025, and LTS2026 long-term support branches. With a CVSS base score of 2.7 (Low) and no confirmed active exploitation or public proof-of-concept, real-world impact is constrained by the high privilege requirement and the limited integrity-only scope of the vulnerability.
Path traversal in Dell PowerProtect Data Domain allows a locally authenticated high-privileged attacker to read files outside restricted directories, resulting in information disclosure. Affected deployments span multiple release trains - standard releases 7.7.1.0 through 8.6, LTS2026 8.6.1.0-8.6.1.10, LTS2025 8.3.1.0-8.3.1.30, and LTS2024 7.13.1.0-7.13.1.70. No public exploit identified at time of analysis; the low CVSS score of 2.3 correctly reflects the high privilege and local access prerequisites that substantially constrain real-world exploitation scope.
Incorrect permission assignment on a critical resource in Dell PowerProtect Data Domain exposes sensitive data to high-privileged local attackers across a broad range of supported release trains. The flaw (CWE-732) means a resource - likely a file, directory, or configuration object - carries overly permissive access controls, allowing a local attacker operating with elevated privileges to read data they are not authorized to access. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog, but the breadth of affected versions (seven release trains spanning 2024-2026 LTS and mainline builds) increases aggregate exposure across enterprise backup environments.
Link-following exploitation in Dell PowerProtect Data Domain enables a high-privileged local attacker to read files outside their intended access scope by manipulating symbolic or hard links before file access operations resolve. Affected across multiple release trains - mainline 7.7.1.0 through 8.6, LTS2026 8.6.1.10 and below, LTS2025 8.3.1.30 and below, and LTS2024 7.13.1.70 and below. No public exploit code or active exploitation confirmed at time of analysis; risk is bounded by the requirement for pre-existing high-privilege local access.
Physical-access authentication bypass in Dell Client Platform BIOS (CWE-305) affects a sweeping range of Dell consumer, gaming, and enterprise platforms - including Inspiron, Alienware, Latitude, OptiPlex, and Precision lines. An unauthenticated attacker with physical access and the ability to meet high-complexity attack conditions can bypass the primary BIOS authentication mechanism, resulting in information disclosure and, per the CVSS integrity metric (I:H), potential high-integrity impact. Notably, the declared impact in the description is limited to 'Information Disclosure' while the supplied CVSS vector assigns I:H, a discrepancy that warrants clarification from Dell's advisory DSA-2026-195. No public exploit has been identified and this vulnerability is not listed in the CISA KEV catalog.
Local privilege escalation in Dell Device Management Agent (DDMA) versions prior to 26.05 allows an already-authenticated, low-privileged user on the host to elevate to full system-level control by abusing insecure symbolic/hard link resolution (CWE-59) during file operations. Dell has released a fix in DDMA 26.05. There is no public exploit identified at time of analysis and EPSS estimates exploitation probability at only 0.12% (3rd percentile), but the SSVC technical impact is rated 'total', reflecting the complete compromise achievable once a foothold exists.
OS command injection in Dell Container Storage Modules (CSM) version 2.16.0 - spanning the csi-powerstore, csi-unity, csi-powerflex, and csi-powermax CSI drivers - lets a remote, high-privileged attacker inject and execute arbitrary operating-system commands (CWE-78). Successful exploitation yields full confidentiality, integrity, and availability impact with a scope change, meaning command execution can reach beyond the vulnerable component into the surrounding host or cluster. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the CVSS 3.1 base score is 8.0 (High).
OS command injection in Dell Display and Peripheral Manager (DDPM) for macOS, all versions prior to 2.3, allows a low-privileged local user to inject and execute arbitrary operating-system commands through improperly neutralized special elements (CWE-78). Because the affected component is a privileged peripheral-management utility, successful injection can yield command execution with full impact to confidentiality, integrity, and availability. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, so risk is currently theoretical but high-impact for systems with this Dell utility installed.
Protection mechanism bypass in Dell Display and Peripheral Manager for Mac (versions prior to 2.3) stems from improper certificate validation, allowing a low-privileged local user to defeat a security control the application relies on. Dell self-reported the issue and there is no public exploit identified at time of analysis; EPSS is very low (0.07%) and CISA SSVC marks exploitation status as 'none', though technical impact is rated 'total'. The flaw affects the macOS build of DDPM, a companion utility for Dell monitors and peripherals.
Local privilege escalation in Dell Display and Peripheral Manager (DDPM) for Mac, versions prior to 2.3, lets a low-privileged local user win a race condition (CWE-362) to gain elevated privileges. The flaw stems from improper synchronization around a shared resource, and successful exploitation yields full compromise of confidentiality, integrity, and availability on the host. No public exploit identified at time of analysis, and EPSS is negligible (0.07%); CISA SSVC marks exploitation as none but technical impact as total.
Remote code execution affects Dell Wyse Management Suite in all versions prior to WMS 5.5 HF1, stemming from the application's acceptance of extraneous untrusted data alongside trusted data (CWE-349). Per the provided CVSS vector (PR:N), a remote unauthenticated attacker could potentially achieve full code execution against the management server, though the Dell description text characterizes the actor as 'low privileged' - a discrepancy worth verifying. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Remote code execution in Dell Wyse Management Suite (versions prior to WMS 5.5 HF1) is reachable through a path traversal flaw (CWE-22) that lets an authenticated, high-privileged remote attacker access or write files outside the intended directory and ultimately execute arbitrary code on the management server. The CVSS 3.1 base score is 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), reflecting full confidentiality, integrity, and availability impact gated by a high-privilege requirement. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.
Local privilege escalation to code execution affects Dell Display and Peripheral Manager (DDPM) for Windows in all versions prior to 2.3, where an Improper Access Control flaw (CWE-284) lets a low-privileged local user execute arbitrary code in a higher-privileged context. The CVSS 3.1 base score is 7.8 (High), reflecting full confidentiality, integrity, and availability impact from a local, low-privilege starting point with no user interaction. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Unbounded string concatenation in the Linux kernel's Dell WMI BIOS interface driver (dell-wmi-sysman) allows a local low-privileged attacker on Dell hardware to crash the kernel. The populate_enum_data() function bounds each individual firmware-provided string but applies no remaining-space check during cumulative strcat() calls into fixed 512-byte struct members, enabling a buffer overflow that results in complete system availability loss. With an EPSS of 0.17% (7th percentile), no public exploit code, and no CISA KEV listing, this is a low-likelihood but straightforward local denial-of-service on Dell platforms running unpatched kernel versions.
Authenticated SQL injection (CWE-89) in Dell Wyse Management Suite (WMS) before version 2605 lets a low-privileged remote user inject crafted SQL into application queries, yielding unauthorized read/write access to the management database with high impact to confidentiality, integrity, and availability. Tracked as EUVD-2026-38345 and disclosed by Dell in advisory DSA-2026-247, it carries CVSS 3.1 8.8 but has no public exploit identified at time of analysis and a low EPSS of 0.24% (15th percentile), with CISA SSVC reporting no known exploitation.
SQL injection in Dell Wyse Management Suite (WMS) versions prior to 2605 allows authenticated low-privileged remote attackers to manipulate backend database queries, leading to unauthorized data access and potential integrity or availability impact. The CVSS 8.8 rating reflects high impact across confidentiality, integrity, and availability under low attack complexity, though no public exploit identified at time of analysis. The flaw is tagged with 'Authentication Bypass' implications, suggesting the SQLi could be leveraged to escalate beyond the attacker's initial low-privilege context.
Dell Wyse Management Suite (WMS) versions prior to 2605 ships with default credentials, enabling a high-privileged local attacker to authenticate using those credentials and access sensitive information. Reported by Dell under DSA-2026-247, the flaw is classified under CWE-1392 (Use of Default Credentials) and carries a CVSS 3.1 base score of 6.0, reflecting local-only attack surface constrained by the requirement for high privilege. No public exploit code or CISA KEV listing has been identified at time of analysis.
Local privilege-bound symlink abuse in Dell Wyse Management Suite (WMS) versions prior to 2605 allows a low-privileged local user to gain unauthorized access to files or resources they should not reach. The flaw is rooted in improper link resolution before file access (CWE-59), and while no public exploit has been identified at time of analysis, the CVSS 7.8 score reflects full confidentiality, integrity, and availability impact once the local prerequisite is met.
Local privilege escalation in Dell Server Hardware Manager versions prior to 3.2.2 allows a low-privileged local user to gain higher privileges due to improper access control (CWE-284). The CVSS 7.8 (AV:L/AC:L/PR:L/UI:N) reflects high impact across confidentiality, integrity, and availability once exploited. No public exploit identified at time of analysis and the CVE is not in CISA KEV.
Local privilege escalation in Dell AIOps Collector versions prior to 1.18.3 allows a low-privileged attacker with console access to obtain filesystem-level access by abusing default credentials shipped with fresh installations. The flaw only affects systems freshly installed at an earlier version; upgraded hosts are not impacted. No public exploit identified at time of analysis, and the issue is not on CISA KEV.
Host Header Injection in Dell PowerFlex Rack RCM 3.7 enables unauthenticated remote attackers to trigger open redirects by supplying a forged HTTP Host header, potentially redirecting victim users to attacker-controlled sites for phishing or credential harvesting. The CVSS 4.3 Medium score reflects the requirement for user interaction (UI:R) and limited confidentiality impact, with no integrity or availability consequence. No public exploit code has been identified at time of analysis, and the vulnerability has no CISA KEV listing.
SQL injection in Dell PowerFlex Manager allows a low-privileged attacker with adjacent-network access to inject SQL commands that the application processes against its backend database, leading to script injection and potential compromise of confidentiality, integrity, and availability. The flaw is reported by Dell with no public exploit identified at time of analysis, and EPSS exploitation probability is low (0.19%, 9th percentile).
SQL injection in Dell PowerFlex Manager exposes database contents to low-privileged adjacent-network attackers via insufficiently sanitized SQL command input. The vulnerability requires both network adjacency and existing low-level credentials, limiting its reach considerably from an opportunistic threat standpoint. No active exploitation has been confirmed by CISA KEV, and no public exploit code is known at time of analysis; the CVSS score of 3.5 (Low) reflects the constrained attack surface.
Improper access control in Dell PowerFlex Manager allows a low-privileged remote attacker to trigger a denial-of-service condition and tamper with integrity-sensitive operations against the software-defined storage management plane. Dell disclosed the issue in advisory DSA-2026-066, and at the time of analysis no public exploit has been identified and the CVE is not on the CISA KEV list.
Privilege escalation in Dell PowerFlex Manager allows a low-privileged attacker on an adjacent network segment to bypass access controls and gain unauthorized elevated access to the management plane. The CVSS 8.0 (High) score reflects significant confidentiality, integrity, and availability impact, though there is no public exploit identified at time of analysis and EPSS rates exploitation probability at only 0.13% (3rd percentile). CISA SSVC classifies exploitation as 'none' with non-automatable attack characteristics, indicating no observed real-world abuse despite the meaningful technical severity.
Dell PowerFlex Manager's improper access control (CWE-284) permits a remote, low-privileged attacker to cause a denial of service condition against the management platform. The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms the attack is network-reachable with minimal complexity once credentials are obtained, and is limited in scope to availability degradation (A:L). No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
Missing authentication on a critical function in Dell PowerFlex Manager allows an adjacent-network attacker to invoke privileged operations without credentials, yielding code execution, denial of service, information disclosure, tampering, and unauthorized access. No public exploit identified at time of analysis, and the affected version range was not populated in the source advisory placeholder. Dell self-reported the issue under DSA-2026-066.
Authentication bypass in Dell PowerFlex Manager allows an unauthenticated attacker with adjacent-network access to gain unauthorized access to the management plane, with high impact to integrity and availability of the software-defined storage fabric. Dell's DSA-2026-066 advisory addresses this and other PowerFlex flaws; no public exploit identified at time of analysis and the issue is not listed in CISA KEV. Affected version range is not enumerated in the public record, which constrains accurate exposure scoping.
Improper authentication in Dell PowerFlex Manager allows unauthenticated attackers with adjacent network access to bypass authentication controls, resulting in information disclosure, data tampering, and unauthorized access to managed storage infrastructure. The vulnerability carries a CVSS 8.1 rating reflecting high confidentiality and integrity impact, though no public exploit identified at time of analysis and EPSS scores it at 0.19% probability. SSVC scoring from CISA indicates no observed exploitation and partial technical impact.
Information disclosure in Dell PowerFlex Manager versions prior to 4.8 stems from inclusion of functionality from an untrusted control sphere (CWE-829), allowing remote attackers to obtain sensitive data when a user is enticed into interacting with attacker-controlled content. Dell rates the issue at CVSS 7.5 with high attack complexity and required user interaction, and no public exploit identified at time of analysis.
Broken or risky cryptographic algorithm use in Dell PowerFlex Manager 4.6.0.1 exposes network-accessible infrastructure management communications to potential interception and modification. Remote unauthenticated attackers who achieve the requisite network positioning - consistent with the CVSS AC:H rating - could exploit weak or deprecated cryptographic primitives to partially disclose sensitive management data (C:L) or tamper with communications in transit (I:L). Dell has published advisory DSA-2026-066 under the multi-CVE release DSA-2026-066; no public exploit code and no active exploitation (CISA KEV absent) have been identified at time of analysis.
Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.
Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. Rated medium severity (CVSS 6.7).
Dell Peripheral Manager, versions prior to 1.7.3, contain an uncontrolled search path element vulnerability. Rated medium severity (CVSS 6.7).
Weak password encoding in Dell Client Platform BIOS (CWE-261) exposes BIOS credentials to recovery by a physically present unauthenticated attacker, enabling privilege escalation through unauthorized BIOS access. Affected hardware spans ruggedized Latitude field devices, Precision workstation towers and racks, and Edge/Embedded Gateway platforms - product categories frequently deployed in physically accessible or unattended environments. No public exploit code exists and no active exploitation has been identified at time of analysis, but the combination of credential recoverability and high-confidentiality/high-integrity CVSS impact makes patching a priority for organizations managing assets in low-physical-security locations.
Arbitrary file write in Dell/Alienware Purchased Apps versions prior to 1.1.32.0 is achievable by a low-privileged local attacker through a link-following (CWE-59) flaw, enabling overwrite of files at elevated privilege levels and resulting in high integrity and availability impact. The CVSS vector (AV:L/AC:H/PR:L) confirms local access with high attack complexity is required, suggesting exploitation likely involves a race condition or carefully staged symlink placement. No active exploitation is confirmed (not in CISA KEV), and a vendor-released patch is available at version 1.1.32.0.
Arbitrary file write in Dell Inventory Collector Client versions prior to 13.8.0 allows a low-privileged local attacker to overwrite files outside the intended write path by exploiting improper symbolic or hard link resolution. The vulnerability (CWE-1386) arises when the client resolves a link to an unintended target before performing a file access operation, enabling an attacker to redirect writes to attacker-controlled locations. No public exploit has been identified at time of analysis and CISA KEV confirmation is absent, but the high integrity and availability impact (CVSS I:H/A:H) means successful exploitation could corrupt system files or cause denial of service.
Link-following (symlink attack) in Dell iDRAC Tools versions prior to 11.4.1.0 allows a low-privileged local attacker to redirect file operations to unintended targets, resulting in unauthorized modification of files (high integrity impact) and potential availability disruption. Exploitation requires both low-level local access and user interaction, placing this in a constrained attack surface. No public exploit code and no CISA KEV listing have been identified at time of analysis, and no EPSS score was supplied in source data.
Denial of service in Dell BSAFE SSL-J allows unauthenticated remote attackers to exhaust resources on systems using the cryptographic library, rendering affected services unavailable. The flaw stems from CWE-770 (allocation of resources without limits or throttling) and carries a CVSS 7.5 score reflecting network-reachable, no-privilege exploitation with high availability impact. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Denial of service in FreeIPMI versions before 1.16.18 allows remote attackers to crash the ipmi-oem client by sending malformed IPMI response messages that trigger stack-based buffer overflows in the 'dell get-active-directory-config' and 'fujitsu get-sel-entry-long-text' subcommands. The flaw is client-side: a victim must invoke the affected subcommand against an attacker-controlled or compromised IPMI endpoint. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Local privilege escalation in Dell ThinOS 10 versions prior to ThinOS10 2602_10.0765 allows a low-privileged user with local access to elevate to higher privileges due to improper access control (CWE-284). The CVSS 3.1 base score of 7.8 reflects high impact on confidentiality, integrity, and availability, though exploitation requires existing local foothold. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Physical access to Dell ThinOS 10 endpoints running versions prior to ThinOS10 2602_10.0765 allows an unauthenticated attacker to bypass access controls, exposing sensitive information with high confidentiality and integrity impact. The flaw, rooted in CWE-284 (Improper Access Control), enables circumvention of authentication or authorization mechanisms at the device level without requiring prior credentials. No active exploitation has been confirmed (not in CISA KEV) and no public exploit has been identified; Dell has released a patched build addressing this issue.
Denial of service in the Linux kernel Ceph client allows local users with access to a Ceph-mounted filesystem to trigger d_hash list corruption and RCU stalls by inducing path lookups against reused cached negative dentries. The flaw stems from fs/ceph/dir.c calling d_add(dentry, NULL) on already-hashed negative dentries, creating self-loops in the hlist_bl bucket that cause __d_lookup() to spin indefinitely. EPSS is 0.02% (5th percentile) and no public exploit identified at time of analysis, but the bug has been reproduced organically in production (RCU stall on a Dell PowerEdge R7615 running 6.18.17).
Use-after-free in the Linux kernel bonding driver's Adaptive Load Balancing (ALB) subsystem allows a local low-privileged user to crash the kernel by racing rlb_arp_recv() against rlb_deinitialize() during rapid bond interface up/down cycling. Specifically, the RX handler continues to dereference rx_hashtbl entries after rlb_deinitialize() frees them, because recv_probe is set to NULL without first draining in-flight softirq handlers via synchronize_net(). Systems running bonded NICs in ALB mode (mode=6) on affected kernel versions - including Dell PowerEdge hardware and Canonical-distributed kernels - are at risk of kernel panic. No public exploit identified at time of analysis, and EPSS at 0.02% (7th percentile) confirms no observed mass exploitation.
Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains an authorization bypass vulnerability in the Unisphere for VMAX application running in vApp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management (IAM) module. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.
Dell PowerFlex Manager versions 4.6.2 and earlier improperly store sensitive information in a manner accessible to low-privileged local users, resulting in unauthorized disclosure of confidential data with high confidentiality impact per CVSS. Affected deployments span both the Appliance and Rack form factors of the platform. No public exploit code has been identified at time of analysis and CISA KEV does not list this vulnerability, though the CWE-922 root cause and the 'Authentication Bypass' tag suggest the exposed data may include credentials or tokens that could enable downstream privilege escalation or lateral movement.
Broken or risky cryptographic algorithm use in Dell PowerFlex Manager's SSH component (versions ≤4.6.2) allows a locally authenticated low-privileged attacker to bypass SSH protection mechanisms, affecting both Appliance and Rack form factors. The CVSS vector (AV:L/AC:H/PR:L) reflects significant exploitation barriers: physical or logical local access is required, attack complexity is high, and impact is limited to partial confidentiality and integrity loss with no availability impact. Dell has published dual advisories (DSA-2025-434 for Appliance, DSA-2025-435 for Rack); no public exploit or CISA KEV listing exists at time of analysis.
Open redirect vulnerability in Dell PowerFlex Manager 4.6.2 and prior enables unauthenticated remote attackers to craft malicious application URLs that silently redirect targeted users to arbitrary attacker-controlled web destinations. Exploitation requires user interaction (CVSS UI:R) - a victim must follow a specially crafted link - but no authentication or special privileges are needed on the attacker's side. The primary risk is phishing: because the initial URL appears to point at a legitimate Dell infrastructure management portal, users are more likely to trust and follow it, making credential theft or sensitive data disclosure against PowerFlex administrators a realistic outcome. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog at time of analysis.
Improper certificate validation in Dell PowerFlex Manager version 4.6.2 and earlier allows an unauthenticated attacker on an adjacent network to intercept and tamper with protected communications. The flaw (CWE-295) means the product fails to adequately verify peer certificates during TLS/SSL exchanges, enabling a man-in-the-middle position to read or modify in-transit management data. No active exploitation is confirmed (not listed in CISA KEV), and no public exploit code has been identified at time of analysis.
Insecure storage of sensitive information in Dell PowerFlex Manager versions up to and including 4.6.2 exposes credentials, keys, or configuration secrets to any attacker with local OS-level access to the appliance - no PowerFlex Manager authentication required. The CVSS vector (AV:L/AC:L/PR:N/UI:N) confirms the attacker needs only local system access, not application credentials, to retrieve the improperly protected data. No public exploit identified at time of analysis and no CISA KEV listing; however, the 'Authentication Bypass' tag in the intelligence data suggests the exposed sensitive material may itself enable downstream privilege escalation or authentication bypass against PowerFlex or its managed infrastructure.
Incorrect Privilege Assignment in Dell PowerFlex Manager version 4.6.2 and earlier (both Appliance and Rack form factors) allows a low-privileged local attacker to escalate their privileges, impacting confidentiality, integrity, and availability at a low level each (CVSS 5.3 Medium, CWE-266). Dell has published dual advisories (DSA-2025-434 and DSA-2025-435) addressing the Appliance and Rack variants respectively. No public exploit code and no active exploitation have been identified at time of analysis.
Directory listing exposure in Dell PowerFlex Manager versions 4.6.2 and earlier allows an attacker to enumerate directory contents, potentially revealing sensitive files, configuration data, or internal path structures. Both the Appliance and Rack deployment forms are confirmed affected per Dell advisories DSA-2025-434 and DSA-2025-435. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog, but the combination of Information Disclosure and Privilege Escalation tags suggests the exposed directory contents may facilitate further privilege escalation beyond initial information leakage.
Information disclosure in Dell PowerFlex Manager (Appliance, Rack, and core Manager) versions 4.6.2 and earlier allows unauthenticated remote attackers to enumerate server contents through exposed directory listings. The flaw carries a CVSS 7.5 (high) rating driven entirely by confidentiality impact and requires no privileges or user interaction, though no public exploit identified at time of analysis and the issue is not on CISA KEV.
Command injection in Dell SmartFabric Storage Software versions prior to 1.4.5 enables a high-privileged local attacker to gain unauthorized read and write access to the underlying filesystem. Exploitation requires local system presence and high-level privileges, with the CVSS vector (AV:L/AC:H/PR:H) indicating a constrained threat surface despite the high confidentiality, integrity, and availability impact scores. No public exploit identified at time of analysis, and this vulnerability is not listed in CISA KEV.
An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to escalate privileges to Administrator. During installation, the software writes the file CCFLFamily_07Feb11.edr to C:\ProgramData\Portrait Displays\CW\data\i1D3\ while running with elevated privileges. Because the installer does not properly validate symbolic links or reparse points at the destination path, an attacker can create a malicious link that redirects the write operation to an arbitrary system location, enabling arbitrary file creation or overwrite with elevated privileges.
Improper SSL/TLS certificate validation in Dell Live Optics Windows and Personal Edition collectors allows remote attackers to intercept and modify data transmitted by the collector. The vulnerability requires network positioning (man-in-the-middle) and user interaction, making exploitation moderately complex but enabling complete compromise of data confidentiality and integrity for collector communications. Dell has released patches in version 27.1.10.1 to address the certificate validation flaw.