12
CVEs
0
Critical
5
High
0
KEV
0
PoC
4
Unpatched C/H
16.7%
Patch Rate
0.0%
Avg EPSS
Severity Breakdown
CRITICAL
0
HIGH
5
MEDIUM
5
LOW
1
Monthly CVE Trend
Affected Products (30)
Command Injection
38
Powerscale Onefs
21
Unity Operating Environment
19
Linux Kernel
19
Smartfabric Os10
14
Powerprotect Data Manager
13
Wyse Management Suite
13
Data Domain Operating System
10
Cloudlink
8
Thinos
7
Alienware Command Center
7
Ubuntu
6
Storage Manager
5
Memory Corruption
5
Objectscale
5
Supportassist Os Recovery
5
Debian Linux
5
Elastic Cloud Storage
5
Null Pointer Dereference
5
Networker
4
Stack Overflow
4
Unisphere For Powermax
4
Secure Connect Gateway
4
Latitude 5350 Firmware
3
Precision 3490 Firmware
3
Precision 3590 Firmware
3
Latitude 7350 Detachable Firmware
3
Latitude 5550 Firmware
3
Latitude 7450 Firmware
3
Recoverpoint For Virtual Machines
3
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-23862 | Dell ThinOS 10 versions before 2602_10.0573 contain a command injection flaw that allows local attackers with low privileges to execute arbitrary commands and escalate their access rights. The vulnerability stems from improper sanitization of special elements in user-supplied input, requiring only local access and no user interaction to exploit. No patch is currently available. | HIGH | 7.8 | 0.1% | 39 |
No patch
|
| CVE-2026-28261 | Local privilege escalation in Dell Elastic Cloud Storage (≤3.8.1.7) and ObjectScale (<4.1.0.3, =4.2.0.0) allows authenticated users with low privileges to extract credentials from log files and escalate to compromised account privileges. CVSS 7.8 (High). No public exploit identified at time of analysis. EPSS data not available, but local access requirement and low attack complexity suggest moderate exploitation likelihood in multi-tenant or shared administrative environments. | HIGH | 7.8 | 0.0% | 39 |
No patch
|
| CVE-2026-33554 | FreeIPMI versions before 1.16.17 contain exploitable buffer overflow vulnerabilities in the ipmi-oem command's response message handling for three vendor-specific subcommands: Dell's get-last-post-code, Supermicro's extra-firmware-info, and Wistron's read-proprietary-string. An attacker who can intercept or control IPMI server responses could trigger these buffer overflows to achieve arbitrary code execution on systems running vulnerable versions of FreeIPMI. No CVSS score, EPSS data, or public exploitation confirmation is currently available, but the vulnerabilities are documented in Savannah bug reports with clear technical details. | HIGH | 7.5 | 0.0% | 38 |
|
| CVE-2026-22767 | UNIX symbolic link following in Dell AppSync 4.6.0 allows local authenticated attackers with low privileges to tamper with information and potentially escalate impact to high integrity and availability compromise. CVSS 7.3 (High) with low attack complexity. No public exploit identified at time of analysis. EPSS data not available, but local-only access requirement significantly reduces real-world attack surface compared to remotely exploitable vulnerabilities. | HIGH | 7.3 | 0.0% | 37 |
No patch
|
| CVE-2026-22768 | Incorrect permission assignment in Dell AppSync 4.6.0 enables local privilege escalation to high-impact system access. Authenticated attackers with low-privilege local access can exploit misconfigured resource permissions to elevate privileges, achieving full confidentiality, integrity, and availability compromise. No public exploit identified at time of analysis. Dell has released security advisory DSA-2026-163 addressing this vulnerability. EPSS data unavailable; CVSS 7.3 reflects significant local threat requiring user interaction. | HIGH | 7.3 | 0.0% | 37 |
No patch
|
| CVE-2026-27102 | Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.6 and 9.11.0.0 through 9.13.0.1 contain an incorrect privilege assignment vulnerability allowing local authenticated attackers to escalate privileges with low complexity, potentially achieving partial confidentiality and integrity compromise alongside high availability impact. No public exploit code or active exploitation has been identified at the time of analysis, though the local attack vector and straightforward exploitation path (AC:L) indicate moderate real-world risk for environments where local access controls are weak. | MEDIUM | 6.6 | 0.0% | 33 |
No patch
|
| CVE-2026-26945 | A Process Control vulnerability (CWE-114) exists in Dell Integrated Dell Remote Access Controller (iDRAC) across multiple generations that allows a high-privileged attacker with adjacent network access to achieve code execution. Affected versions include iDRAC 9 (14G prior to 7.00.00.181, 15G and 16G prior to 7.20.10.50) and iDRAC 10 (17G prior to 1.20.25.00). While the CVSS score of 5.3 is moderate, the integrity impact is rated high and remote code execution capability presents significant risk to out-of-band management infrastructure. | MEDIUM | 5.3 | 0.0% | 27 |
No patch
|
| CVE-2026-26948 | Dell Integrated Dell Remote Access Controller (iDRAC) versions 9, 14G (prior to 7.00.00.174), 15G, and 16G (prior to 7.10.90.00) contain an exposure of sensitive system information vulnerability caused by uncleared debug information in memory or logs. A remote attacker with high privileges can exploit this to disclose confidential system details without modifying or disrupting service availability. While the CVSS score is moderate at 4.9 due to high privilege requirements, the confidentiality impact is rated high, making this relevant for organizations where insider threats or compromised administrator accounts are a concern. | MEDIUM | 4.9 | 0.0% | 25 |
No patch
|
| CVE-2026-27101 | Path traversal vulnerability in Dell Secure Connect Gateway (SCG) versions 5.28.00.xx through 5.32.00.xx allows high-privileged attackers on the management network to bypass directory restrictions and achieve remote code execution. With a CVSS score of 4.7 and requiring high privilege level access, this vulnerability poses moderate risk to organizations running vulnerable SCG versions but is limited by the need for administrative-level attacker access within the management network. No public exploit code or active exploitation has been confirmed at time of analysis. | MEDIUM | 4.7 | 0.2% | 24 |
No patch
|
| CVE-2026-24511 | Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.6 and 9.11.0.0 through 9.13.0.0 disclose sensitive information through error messages accessible to high-privileged local attackers. The vulnerability stems from improper error handling (CWE-209) that exposes confidential data in system responses, requiring local access and administrative privileges to exploit. With a CVSS score of 4.4 reflecting high confidentiality impact but low attack complexity and no public exploit identified at time of analysis, this represents a moderate risk primarily to organizations where insider threats or compromised admin accounts pose concerns. | MEDIUM | 4.4 | 0.0% | 22 |
No patch
|
| CVE-2026-28264 | Dell PowerProtect Agent prior to version 20.1 allows low-privileged local attackers to read sensitive information through incorrect permission assignment on critical resources. The vulnerability requires local access and existing user privileges but can expose confidential data without requiring user interaction or elevated permissions. | LOW | 3.3 | 0.0% | 17 |
No patch
|
| CVE-2026-23370 | A credential disclosure vulnerability exists in the Linux kernel's Dell WMI System Management (dell-wmi-sysman) module where the set_new_password() function performs hex dumps of memory buffers containing plaintext password data, including both current and new passwords. This affects all Linux kernel versions with the vulnerable dell-wmi-sysman driver, allowing local attackers with access to kernel logs or debug output to extract sensitive authentication credentials. While no CVSS score, EPSS probability, or active KEV status is currently assigned, the patch availability across six stable kernel branches indicates the vulnerability has been formally addressed by the Linux kernel maintainers. | – | 0.0% | 0 |
|