| Metric | Value |
|---|---|
| CVEs | 106 |
| Critical | 2 |
| High | 39 |
| KEV | 1 |
| PoC | 0 |
| Unpatched C/H | 13 |
| Patch Rate | 73.6% |
| Avg EPSS | 0.4% |

Severity Breakdown

| Severity | CVEs |
|---|---|
| CRITICAL | 2 |
| HIGH | 39 |
| MEDIUM | 55 |
| LOW | 5 |

Affected Products (30)

| Product | CVEs |
|---|---|
| Powerscale Onefs | 21 |
| Unity Operating Environment | 19 |
| Linux Kernel | 15 |
| Smartfabric Os10 | 14 |
| Powerprotect Data Manager | 13 |
| Wyse Management Suite | 13 |
| Data Domain Operating System | 10 |
| Cloudlink | 8 |
| Powerflex Manager | 8 |
| Powerflex Manager Rack | 7 |
| Alienware Command Center | 7 |
| Thinos | 7 |
| Powerflex Manager Appliance | 7 |
| Supportassist Os Recovery | 5 |
| Ubuntu | 5 |
| Objectscale | 5 |
| Elastic Cloud Storage | 5 |
| Storage Manager | 5 |
| Secure Connect Gateway | 4 |
| Networker | 4 |
| Unisphere For Powermax | 4 |
| Precision 3490 Firmware | 3 |
| Precision 3590 Firmware | 3 |
| Recoverpoint For Virtual Machines | 3 |
| Open Redirect | 3 |
| Latitude 7650 Firmware | 3 |
| Latitude 7350 Firmware | 3 |
| Latitude 5550 Firmware | 3 |
| Latitude 5350 Firmware | 3 |
| Latitude 7350 Detachable Firmware | 3 |

Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-22769 | Dell RecoverPoint for Virtual Machines prior to 6.0.3.1 HF1 contains hardcoded credentials (CVE-2026-22769, CVSS 10.0) that allow unauthenticated remote attackers with knowledge of the credentials to gain root-level access to the underlying operating system. KEV-listed, this vulnerability exposes disaster recovery infrastructure to complete compromise, potentially affecting the integrity of backup and replication data. | CRITICAL | 10.0 | 34.2% | 134 | KEV |
| CVE-2026-40636 | Hard-coded credentials in Dell ECS 3.8.1.0-3.8.1.7 and ObjectScale <4.3.0.0 allow unauthenticated filesystem access. Despite CVSS 9.8 (network vector), the description explicitly states 'local access' is required, creating a critical discrepancy between scoring and actual attack surface. Attackers with local system access can leverage embedded credentials to gain unauthorized filesystem access. No active exploitation (CISA KEV) or public exploit confirmed at time of analysis. Dell advisory DSA-2026-047 addresses the vulnerability. | CRITICAL | 9.8 | 0.1% | 49 | |
| CVE-2026-26944 | Missing authentication in Dell PowerProtect Data Domain 7.7.1.0-8.6 and LTS releases allows remote unauthenticated attackers to execute arbitrary commands with root privileges when combined with user interaction. Affects enterprise backup appliances across multiple release branches including LTS2025 (8.3.1.0-8.3.1.20) and LTS2024 (7.13.1.0-7.13.1.60). CVSS 8.8 with network vector but requires user interaction (UI:R), reducing immediate automation risk. No EPSS or KEV data available at time of analysis, indicating vulnerability is newly disclosed. Dell security advisory DSA-2026-060 confirms patch availability. | HIGH | 8.8 | 0.1% | 44 | |
| CVE-2026-26358 | Dell Unisphere for PowerMax 10.2 lacks proper authorization checks, allowing authenticated remote attackers to bypass access controls and gain unauthorized administrative capabilities. This missing authorization vulnerability (CWE-862) affects users who have any valid account credentials on affected systems. No patch is currently available, making this a critical risk for organizations operating vulnerable PowerMax installations. | HIGH | 8.8 | 0.1% | 44 | No patch |
| CVE-2026-26359 | Dell Unisphere for PowerMax 10.2 contains a path traversal vulnerability that allows authenticated remote attackers to overwrite arbitrary files on the system. This HIGH severity flaw (CVSS 8.8) requires only low privileges and network access to exploit, potentially enabling complete system compromise. No patch is currently available for this vulnerability. | HIGH | 8.8 | 0.1% | 44 | No patch |
| CVE-2026-22765 | Dell Wyse Management Suite versions prior to 5.5 suffer from improper access controls that allow authenticated remote attackers to escalate their privileges. An attacker with low-level credentials can bypass authorization checks to gain high-privilege access to the system, potentially compromising confidentiality, integrity, and availability. No patch is currently available for this vulnerability. | HIGH | 8.8 | 0.0% | 44 | No patch |
| CVE-2026-22273 | Privilege escalation in Dell ECS 3.8.1.0-3.8.1.7 and ObjectScale prior to 4.2.0.0 stems from hardcoded default credentials in the operating system that a remote authenticated attacker can leverage to gain elevated privileges. An attacker with low-level access can exploit this vulnerability to achieve full system compromise including confidentiality, integrity, and availability impacts. No patch is currently available for affected versions. | HIGH | 8.8 | 0.0% | 44 | No patch |
| CVE-2026-24502 | Command \| Intel Vpro Out Of Band versions up to 4.7.0 are affected by an uncontrolled search path element (CVSS 8.8). | HIGH | 8.8 | 0.0% | 44 | No patch |
| CVE-2026-23853 | Local attackers can gain full system access to Dell PowerProtect Data Domain storage systems without authentication due to weak default credentials in DD OS versions 7.7.1.0-8.5, 8.3.1.0-8.3.1.20, and 7.13.1.0-7.13.1.50. The vulnerability allows complete system compromise (CVSS 8.4) with high confidentiality, integrity, and availability impact despite requiring local access. No active exploitation confirmed (EPSS 0.01%, not in CISA KEV), and Dell has released patches across all affected release branches. SSVC framework rates this as total technical impact but non-automatable and not currently exploited. | HIGH | 8.4 | 0.0% | 42 | |
| CVE-2026-23857 | Dell Update Package Framework versions 23.12.00 through 24.12.00 suffer from improper privilege handling that allows local attackers with low-level user accounts to escalate their privileges on affected systems. An attacker with interactive access could exploit this vulnerability to gain elevated permissions, potentially compromising system integrity and confidentiality. No patch is currently available for this high-severity vulnerability. | HIGH | 8.2 | 0.0% | 41 | No patch |
| CVE-2026-35071 | OS command injection in Dell PowerScale InsightIQ 6.0.0 through 6.2.0 allows high-privileged local administrators to execute arbitrary system commands with elevated privileges, achieving container escape (scope change) on the storage cluster management platform. Dell published security advisory DSA-2026-208 addressing this vulnerability. EPSS data not available; no CISA KEV listing indicates targeted rather than widespread exploitation at time of analysis. | HIGH | 8.2 | 0.0% | 41 | |
| CVE-2026-22278 | Powerscale Onefs versions up to 9.13.0.0 are affected by improper restriction of excessive authentication attempts (CVSS 8.1). | HIGH | 8.1 | 0.1% | 41 | No patch |
| CVE-2026-26360 | Dell Unisphere for PowerMax version 10.2 suffers from a path traversal vulnerability (CWE-73) that allows authenticated remote attackers to delete arbitrary files on affected systems. An attacker with low-level privileges can exploit this flaw without user interaction to achieve denial of service or system compromise. No patch is currently available for this high-severity issue (CVSS 8.1). | HIGH | 8.1 | 0.1% | 41 | No patch |
| CVE-2026-26354 | Stack-based buffer overflow in Dell PowerProtect Data Domain DD OS allows remote unauthenticated attackers to execute arbitrary commands on vulnerable appliances. Affects Feature Release versions 7.7.1.0-8.6, LTS2025 (8.3.1.0-8.3.1.10), and LTS2024 (7.13.1.0-7.13.1.60). Despite network-accessible attack vector (AV:N/PR:N), high attack complexity (AC:H) indicates specialized exploit conditions. CISA SSVC framework rates exploitation as 'none' and automatable as 'no', suggesting manual, targeted exploitation rather than mass scanning. No active exploitation confirmed at time of analysis. Dell has released patches across all affected release tracks (DSA-2026-060). | HIGH | 8.1 | 0.0% | 41 | |
| CVE-2026-22267 | Dell PowerProtect Data Manager versions prior to 19.22 contain an incorrect privilege assignment flaw that allows remote attackers with low-level credentials to escalate their privileges on affected systems. The vulnerability requires network access and valid authentication but no user interaction, making it exploitable by insiders or attackers who have obtained legitimate credentials. No patch is currently available. | HIGH | 8.1 | 0.0% | 41 | No patch |