177
CVEs
6
Critical
73
High
1
KEV
0
PoC
27
Unpatched C/H
75.1%
Patch Rate
0.3%
Avg EPSS
Severity Breakdown
CRITICAL
6
HIGH
73
MEDIUM
90
LOW
8
Monthly CVE Trend
Affected Products (30)
Powerscale Onefs
78
Emc Powerscale Onefs
60
Latitude 9410 Firmware
57
Latitude 5511 Firmware
56
Latitude 5411 Firmware
56
Latitude 7310 Firmware
55
Embedded Box Pc 5000 Firmware
55
Latitude 7410 Firmware
55
Latitude 7480 Firmware
54
Latitude 5400 Firmware
54
Latitude 5310 Firmware
54
Vostro 3681 Firmware
53
Latitude 7290 Firmware
53
Chengming 3991 Firmware
53
Latitude 5310 2 In 1 Firmware
53
Latitude 9510 Firmware
53
Inspiron 3881 Firmware
53
Chengming 3990 Firmware
53
Precision 3550 Firmware
53
Vostro 3888 Firmware
53
Inspiron 3880 Firmware
53
Optiplex 3080 Firmware
53
Latitude 7390 Firmware
53
Vostro 3881 Firmware
53
Latitude 5410 Firmware
53
Latitude 7490 Firmware
53
Optiplex 7080 Firmware
53
Latitude 5500 Firmware
52
Precision 3440 Firmware
52
Latitude 5510 Firmware
52
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-22769 | Dell RecoverPoint for Virtual Machines prior to 6.0.3.1 HF1 contains hardcoded credentials (CVE-2026-22769, CVSS 10.0) that allow unauthenticated remote attackers with knowledge of the credentials to gain root-level access to the underlying operating system. KEV-listed, this vulnerability exposes disaster recovery infrastructure to complete compromise, potentially affecting the integrity of backup and replication data. | CRITICAL | 10.0 | 34.2% | 134 |
KEV
|
| CVE-2026-53481 | Path traversal leading to full system compromise affects Dell PowerProtect Data Domain (DD OS) versions 7.7.1.0 through 8.7, plus the LTS2026 (8.6.1.0-8.6.1.10), LTS2025 (8.3.1.0-8.3.1.30), and LTS2024 (7.13.1.0-7.13.1.70) branches. Per the CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N), an unauthenticated remote attacker can traverse outside the intended directory to gain unauthorized access and, according to Dell, take complete control of the system. Dell rates this critical (9.8) and its tags note an authentication-bypass characteristic; no public exploit identified at time of analysis and it is not currently in CISA KEV. | CRITICAL | 9.8 | 0.6% | 50 |
|
| CVE-2026-53483 | Improper authentication in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus the LTS2026, LTS2025, and LTS2024 branches) lets an unauthenticated, remote attacker bypass authentication and gain unauthorized access that Dell says can escalate to complete system control. Dell rates it critical (CVSS 9.8, CWE-287). No public exploit identified at time of analysis, and it is not listed in CISA KEV, but the network-facing, no-privilege attack profile makes it a high-priority patch for backup/data-protection infrastructure. | CRITICAL | 9.8 | 0.6% | 50 |
|
| CVE-2026-41120 | Remote code execution affects Dell Wyse Management Suite in all versions prior to WMS 5.5 HF1, stemming from the application's acceptance of extraneous untrusted data alongside trusted data (CWE-349). Per the provided CVSS vector (PR:N), a remote unauthenticated attacker could potentially achieve full code execution against the management server, though the Dell description text characterizes the actor as 'low privileged' - a discrepancy worth verifying. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV. | CRITICAL | 9.8 | 0.3% | 49 |
No patch
|
| CVE-2026-40636 | Hard-coded credentials in Dell ECS 3.8.1.0-3.8.1.7 and ObjectScale <4.3.0.0 allow unauthenticated filesystem access. Despite CVSS 9.8 (network vector), the description explicitly states 'local access' is required, creating a critical discrepancy between scoring and actual attack surface. Attackers with local system access can leverage embedded credentials to gain unauthorized filesystem access. No active exploitation (CISA KEV) or public exploit confirmed at time of analysis. Dell advisory DSA-2026-047 addresses the vulnerability. | CRITICAL | 9.8 | 0.1% | 49 |
|
| CVE-2026-56688 | Root-level OS command execution in Dell PowerFlex Manager (versions prior to 5.1.0.1) lets a remote, high-privileged attacker inject operating-system commands during OS Repository processing, resulting in full appliance compromise. Because PowerFlex Manager orchestrates storage and HCI infrastructure, code execution as root also enables lateral movement into managed nodes. There is no public exploit identified at time of analysis, and Dell has released a fixed build (5.1.0.1) via advisory DSA-2026-066. | CRITICAL | 9.1 | 1.3% | 46 |
|
| CVE-2024-24909 | Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution. | HIGH | 8.8 | 0.4% | 44 |
|
| CVE-2026-54469 | Remote command execution in Dell Unisphere for PowerMax versions 10.3.0.5 and prior allows a low-privileged authenticated user to run arbitrary OS commands with root privileges by abusing unsafe deserialization of untrusted data (CWE-502). Because the CVSS vector is AV:N/AC:L/PR:L, any account with minimal access on the management interface can escalate to full root control of the storage-management appliance. There is no public exploit identified at time of analysis and the CVE is not in CISA KEV, but the low attack complexity and full CIA impact make it a high-priority patch for storage administrators. | HIGH | 8.8 | 0.4% | 44 |
|
| CVE-2026-35065 | Missing authentication on a critical function in Dell PowerFlex Manager allows an adjacent-network attacker to invoke privileged operations without credentials, yielding code execution, denial of service, information disclosure, tampering, and unauthorized access. No public exploit identified at time of analysis, and the affected version range was not populated in the source advisory placeholder. Dell self-reported the issue under DSA-2026-066. | HIGH | 8.8 | 0.3% | 44 |
No patch
|
| CVE-2026-44272 | SQL injection in Dell Wyse Management Suite (WMS) versions prior to 2605 allows authenticated low-privileged remote attackers to manipulate backend database queries, leading to unauthorized data access and potential integrity or availability impact. The CVSS 8.8 rating reflects high impact across confidentiality, integrity, and availability under low attack complexity, though no public exploit identified at time of analysis. The flaw is tagged with 'Authentication Bypass' implications, suggesting the SQLi could be leveraged to escalate beyond the attacker's initial low-privilege context. | HIGH | 8.8 | 0.2% | 44 |
|
| CVE-2026-44271 | Authenticated SQL injection (CWE-89) in Dell Wyse Management Suite (WMS) before version 2605 lets a low-privileged remote user inject crafted SQL into application queries, yielding unauthorized read/write access to the management database with high impact to confidentiality, integrity, and availability. Tracked as EUVD-2026-38345 and disclosed by Dell in advisory DSA-2026-247, it carries CVSS 3.1 8.8 but has no public exploit identified at time of analysis and a low EPSS of 0.24% (15th percentile), with CISA SSVC reporting no known exploitation. | HIGH | 8.8 | 0.2% | 44 |
|
| CVE-2026-26944 | Missing authentication in Dell PowerProtect Data Domain 7.7.1.0-8.6 and LTS releases allows remote unauthenticated attackers to execute arbitrary commands with root privileges when combined with user interaction. Affects enterprise backup appliances across multiple release branches including LTS2025 (8.3.1.0-8.3.1.20) and LTS2024 (7.13.1.0-7.13.1.60). CVSS 8.8 with network vector but requires user interaction (UI:R), reducing immediate automation risk. No EPSS or KEV data available at time of analysis, indicating vulnerability is newly disclosed. Dell security advisory DSA-2026-060 confirms patch availability. | HIGH | 8.8 | 0.1% | 44 |
|
| CVE-2026-26358 | Dell Unisphere for PowerMax 10.2 lacks proper authorization checks, allowing authenticated remote attackers to bypass access controls and gain unauthorized administrative capabilities. This missing authorization vulnerability (CWE-862) affects users who have any valid account credentials on affected systems. No patch is currently available, making this a critical risk for organizations operating vulnerable PowerMax installations. | HIGH | 8.8 | 0.1% | 44 |
No patch
|
| CVE-2026-26359 | Dell Unisphere for PowerMax 10.2 contains a path traversal vulnerability that allows authenticated remote attackers to overwrite arbitrary files on the system. This HIGH severity flaw (CVSS 8.8) requires only low privileges and network access to exploit, potentially enabling complete system compromise. No patch is currently available for this vulnerability. | HIGH | 8.8 | 0.1% | 44 |
No patch
|
| CVE-2026-22765 | Dell Wyse Management Suite versions prior to 5.5 suffer from improper access controls that allow authenticated remote attackers to escalate their privileges. An attacker with low-level credentials can bypass authorization checks to gain high-privilege access to the system, potentially compromising confidentiality, integrity, and availability. No patch is currently available for this vulnerability. | HIGH | 8.8 | 0.0% | 44 |
No patch
|