40
CVEs
1
Critical
19
High
1
KEV
0
PoC
17
Unpatched C/H
12.5%
Patch Rate
0.9%
Avg EPSS
Severity Breakdown
CRITICAL
1
HIGH
19
MEDIUM
16
LOW
3
Monthly CVE Trend
Affected Products (30)
Command Injection
38
Powerscale Onefs
21
Unity Operating Environment
19
Linux Kernel
19
Smartfabric Os10
14
Powerprotect Data Manager
13
Wyse Management Suite
13
Data Domain Operating System
10
Cloudlink
8
Thinos
7
Alienware Command Center
7
Ubuntu
6
Storage Manager
5
Memory Corruption
5
Objectscale
5
Supportassist Os Recovery
5
Debian Linux
5
Elastic Cloud Storage
5
Null Pointer Dereference
5
Networker
4
Stack Overflow
4
Unisphere For Powermax
4
Secure Connect Gateway
4
Latitude 5350 Firmware
3
Precision 3490 Firmware
3
Precision 3590 Firmware
3
Latitude 7350 Detachable Firmware
3
Latitude 5550 Firmware
3
Latitude 7450 Firmware
3
Recoverpoint For Virtual Machines
3
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-22769 | Dell RecoverPoint for Virtual Machines prior to 6.0.3.1 HF1 contains hardcoded credentials (CVE-2026-22769, CVSS 10.0) that allow unauthenticated remote attackers with knowledge of the credentials to gain root-level access to the underlying operating system. KEV-listed, this vulnerability exposes disaster recovery infrastructure to complete compromise, potentially affecting the integrity of backup and replication data. | CRITICAL | 10.0 | 34.2% | 134 |
KEV
|
| CVE-2026-26358 | Dell Unisphere for PowerMax 10.2 lacks proper authorization checks, allowing authenticated remote attackers to bypass access controls and gain unauthorized administrative capabilities. This missing authorization vulnerability (CWE-862) affects users who have any valid account credentials on affected systems. No patch is currently available, making this a critical risk for organizations operating vulnerable PowerMax installations. | HIGH | 8.8 | 0.1% | 44 |
No patch
|
| CVE-2026-26359 | Dell Unisphere for PowerMax 10.2 contains a path traversal vulnerability that allows authenticated remote attackers to overwrite arbitrary files on the system. This HIGH severity flaw (CVSS 8.8) requires only low privileges and network access to exploit, potentially enabling complete system compromise. No patch is currently available for this vulnerability. | HIGH | 8.8 | 0.1% | 44 |
No patch
|
| CVE-2026-22765 | Dell Wyse Management Suite versions prior to 5.5 suffer from improper access controls that allow authenticated remote attackers to escalate their privileges. An attacker with low-level credentials can bypass authorization checks to gain high-privilege access to the system, potentially compromising confidentiality, integrity, and availability. No patch is currently available for this vulnerability. | HIGH | 8.8 | 0.0% | 44 |
No patch
|
| CVE-2026-22273 | Privilege escalation in Dell ECS 3.8.1.0-3.8.1.7 and ObjectScale prior to 4.2.0.0 stems from hardcoded default credentials in the operating system that a remote authenticated attacker can leverage to gain elevated privileges. An attacker with low-level access can exploit this vulnerability to achieve full system compromise including confidentiality, integrity, and availability impacts. No patch is currently available for affected versions. | HIGH | 8.8 | 0.0% | 44 |
No patch
|
| CVE-2026-24502 | Command \| Intel Vpro Out Of Band versions up to 4.7.0 is affected by uncontrolled search path element (CVSS 8.8). | HIGH | 8.8 | 0.0% | 44 |
No patch
|
| CVE-2026-23857 | Dell Update Package Framework versions 23.12.00 through 24.12.00 suffers from improper privilege handling that allows local attackers with low-level user accounts to escalate their privileges on affected systems. An attacker with interactive access could exploit this vulnerability to gain elevated permissions, potentially compromising system integrity and confidentiality. No patch is currently available for this high-severity vulnerability. | HIGH | 8.2 | 0.0% | 41 |
No patch
|
| CVE-2026-22278 | Powerscale Onefs versions up to 9.13.0.0 is affected by improper restriction of excessive authentication attempts (CVSS 8.1). | HIGH | 8.1 | 0.1% | 41 |
No patch
|
| CVE-2026-26360 | Dell Unisphere for PowerMax versions 10.2 suffer from a path traversal vulnerability (CWE-73) that allows authenticated remote attackers to delete arbitrary files on affected systems. An attacker with low-level privileges can exploit this flaw without user interaction to achieve denial of service or system compromise. No patch is currently available for this high-severity issue (CVSS 8.1). | HIGH | 8.1 | 0.1% | 41 |
No patch
|
| CVE-2026-22267 | Dell PowerProtect Data Manager versions prior to 19.22 contain an incorrect privilege assignment flaw that allows remote attackers with low-level credentials to escalate their privileges on affected systems. The vulnerability requires network access and valid authentication but no user interaction, making it exploitable by insiders or attackers who have obtained legitimate credentials. No patch is currently available. | HIGH | 8.1 | 0.0% | 41 |
No patch
|
| CVE-2026-23862 | Dell ThinOS 10 versions before 2602_10.0573 contain a command injection flaw that allows local attackers with low privileges to execute arbitrary commands and escalate their access rights. The vulnerability stems from improper sanitization of special elements in user-supplied input, requiring only local access and no user interaction to exploit. No patch is currently available. | HIGH | 7.8 | 0.1% | 39 |
No patch
|
| CVE-2025-46691 | Dell PremierColor Panel Driver, versions prior to 1.0.0.1 A01, contains an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. [CVSS 7.8 HIGH] | HIGH | 7.8 | 0.0% | 39 |
No patch
|
| CVE-2026-28261 | Local privilege escalation in Dell Elastic Cloud Storage (≤3.8.1.7) and ObjectScale (<4.1.0.3, =4.2.0.0) allows authenticated users with low privileges to extract credentials from log files and escalate to compromised account privileges. CVSS 7.8 (High). No public exploit identified at time of analysis. EPSS data not available, but local access requirement and low attack complexity suggest moderate exploitation likelihood in multi-tenant or shared administrative environments. | HIGH | 7.8 | 0.0% | 39 |
No patch
|
| CVE-2026-33554 | FreeIPMI versions before 1.16.17 contain exploitable buffer overflow vulnerabilities in the ipmi-oem command's response message handling for three vendor-specific subcommands: Dell's get-last-post-code, Supermicro's extra-firmware-info, and Wistron's read-proprietary-string. An attacker who can intercept or control IPMI server responses could trigger these buffer overflows to achieve arbitrary code execution on systems running vulnerable versions of FreeIPMI. No CVSS score, EPSS data, or public exploitation confirmation is currently available, but the vulnerabilities are documented in Savannah bug reports with clear technical details. | HIGH | 7.5 | 0.0% | 38 |
|
| CVE-2025-46685 | Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. [CVSS 7.5 HIGH] | HIGH | 7.5 | 0.0% | 38 |
No patch
|