Dell

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Dell product.

RSS Feeds for Dell security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Dell products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Dell Sorted by Most Security Vulnerabilities since 2018

Dell Powerscale Onefs98 vulnerabilities

Dell Wyse Management Suite50 vulnerabilities

Dell Unity Operating Environment45 vulnerabilities

Dell Data Domain Operating System38 vulnerabilities

Dell Smartfabric Os1032 vulnerabilities

Dell Unity29 vulnerabilities

Dell Secure Connect Gateway28 vulnerabilities

Dell Bsafe Micro Edition Suite28 vulnerabilities

Dell Supportassist For Home Pcs26 vulnerabilities

Dell Bsafe Crypto C Micro Edition19 vulnerabilities

Dell Supportassist For Business Pcs19 vulnerabilities

Dell Powerprotect Data Manager18 vulnerabilities

Dell Bsafe Ssl J18 vulnerabilities

Dell Alienware Command Center17 vulnerabilities

Dell Unisphere Powermax Virtual Appliance17 vulnerabilities

Dell Cloudlink16 vulnerabilities

Dell Unisphere For Powermax16 vulnerabilities

Dell Solutions Enabler Virtual Appliance15 vulnerabilities

Dell Objectscale13 vulnerabilities

Dell Supportassist13 vulnerabilities

Dell Recoverpoint Virtual Machines13 vulnerabilities

Dell Command Update12 vulnerabilities

Dell Policy Manager Secure Connect Gateway12 vulnerabilities

Dell Elastic Cloud Storage12 vulnerabilities

Dell Openmanage Enterprise12 vulnerabilities

Dell Networker11 vulnerabilities

Dell Bsafe Crypto J10 vulnerabilities

Dell Unity Xt Operating Environment10 vulnerabilities

Dell Insightiq10 vulnerabilities

Dell Unityvsa Operating Environment10 vulnerabilities

Dell Networking Os109 vulnerabilities

Dell Controlvault38 vulnerabilities

Dell Digital Delivery8 vulnerabilities

Dell Alienware Update7 vulnerabilities

Dell Appsync7 vulnerabilities

Dell Avamar Server7 vulnerabilities

Dell Repository Manager7 vulnerabilities

Dell Storage Manager7 vulnerabilities

Dell Openmanage Server Administrator7 vulnerabilities

Dell Encryption7 vulnerabilities

Dell Enterprise Sonic Distribution7 vulnerabilities

Dell Supportassist Os Recovery6 vulnerabilities

Dell Display Manager6 vulnerabilities

Dell Emc Appsync6 vulnerabilities

Dell Update6 vulnerabilities

Dell Emc Idrac Service Module6 vulnerabilities

Dell Thinos6 vulnerabilities

Dell Endpoint Security Suite Enterprise6 vulnerabilities

Dell Powerstoreos5 vulnerabilities

Dell Command Monitor5 vulnerabilities

Dell Data Lakehouse5 vulnerabilities

Dell Enterprise Sonic Os5 vulnerabilities

Dell Power Manager5 vulnerabilities

Dell Common Event Enabler4 vulnerabilities

Dell Powerprotect Cyber Recovery4 vulnerabilities

Dell Idrac94 vulnerabilities

Known Exploited Dell Vulnerabilities

The following Dell vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title	Description	Added
Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability	Dell RecoverPoint for Virtual Machines (RP4VMs) contains an use of hard-coded credentials vulnerability that could allow an unauthenticated remote attacker to gain unauthorized access to the underlying operating system and root-level persistence. CVE-2026-22769 Exploit Probability: 21.3%	February 18, 2026
Dell dbutil Driver Insufficient Access Control Vulnerability	Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service, or information disclosure. CVE-2021-21551 Exploit Probability: 64.4%	March 31, 2022

2 known exploited Dell vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

By the Year

In 2026 there have been 120 vulnerabilities in Dell with an average score of 6.4 out of ten. Last year, in 2025 Dell had 204 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Dell in 2026 could surpass last years number. Last year, the average CVE base score was greater by 0.37

Year	Vulnerabilities	Average Score
2026	120	6.40
2025	204	6.77
2024	218	7.08
2023	168	6.97
2022	125	7.21
2021	139	6.94
2020	35	7.45
2019	54	7.32
2018	57	7.21

It may take a day or so for new Dell vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Dell Security Vulnerabilities

CVE	Date	Vulnerability	Products
CVE-2026-40638	May 12, 2026	Dell PowerScale InsightIQ 5.0.0-6.2.0 PrivEsc Exec Vulnerability Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.	Insightiq
CVE-2026-35071	May 12, 2026	Dell InsightIQ 6.0.0-6.2.0 OS Command Injection (CVE-2026-35071) Dell PowerScale InsightIQ, versions 6.0.0 through 6.2.0, contains an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.	Insightiq
CVE-2026-26946	May 11, 2026	Dell ECS OS Privilege Escalation v3.8.1.0-3.8.1.7 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.	Objectscale
CVE-2026-35157	May 11, 2026	Dell ECS/OS CSV Formula Injection Remote Exec (3.8.1.03.8.1.7, <4.3.0.0) Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote execution.	Objectscale
CVE-2025-43992	May 11, 2026	Dell ECS 3.8.1.03.8.1.7 / ObjScale <4.3.0.0: Geo Rep Auth Bypass Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data in transit.	Objectscale
CVE-2026-40636	May 11, 2026	Dell ECS 3.8.1.0-3.8.1.7 / Dell ObjectScale <4.3.0 Hardcoded Credentials Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker.	Objectscale
CVE-2026-32658	May 11, 2026	Dell Automation Platform <2.0.0.0: Missing Auth (CVE-2026-32658) Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
CVE-2026-32803	May 08, 2026	Dell PowerScale OneFS 9.12.0.1: Insufficient Logging CVE202632803 Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13, 9.8.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 contains an Insufficient Logging vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.	Powerscale Onefs
CVE-2026-27105	Apr 29, 2026	Dell Alienware Purchased Apps <1.1.31 Improper Link Follow Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write
CVE-2026-35155	Apr 29, 2026	Dell iDRAC10 Insufficiently Protected Credentials (Race) before 1.30.05.10 Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated lowprivileged attacker to gain elevated access.
CVE-2026-23773	Apr 29, 2026	Dell Disk Library SSRF in DLm 8700/2700 Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.
CVE-2026-32655	Apr 27, 2026	Dell AWCC 6.13.7 LPE via local lowpriv attacker Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain a Least Privilege Violation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.	Alienware Command Center
CVE-2026-25908	Apr 27, 2026	Dell AWCC <=6.13.8.0 Exec Unnecessary Privileges Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain an Execution with Unnecessary Privileges vulnerability in the AWCC. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.	Alienware Command Center
CVE-2026-26354	Apr 22, 2026	Dell PowerProtect Data Domain DD OS 7.7.1.0-8.6 Stack Buffer Overflow Exec Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain a stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.
CVE-2026-35154	Apr 20, 2026	Dell PowerProtect DD: IDRAC Privilege Escalation (7.7.1.08.7.0.0) Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper privilege management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges to access unauthorized delete operation.
CVE-2026-26951	Apr 20, 2026	PowerProtect Data Domain Stack Overflow (v7.7.1.08.6) LPE Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a stack-based buffer overflow vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
CVE-2026-22761	Apr 20, 2026	Command Injection in Dell PowerProtect Data Domain 8.5-8.6 (Remote). Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
CVE-2026-26942	Apr 20, 2026	Dell PowerProtect Data Domain OS Command Injection 8.5-8.6 Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
CVE-2026-26943	Apr 20, 2026	OS Command Injection in Dell PowerProtect Data Domain 7.7.1.08.6 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
CVE-2026-24506	Apr 20, 2026	Dell PowerProtect Data Domain OS Command Injection 7.7.1-8.6 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution as root.
CVE-2026-24505	Apr 20, 2026	Dell PowerProtect Data Domain 8.5-8.6 Improper Input Validation RCE Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
CVE-2026-24504	Apr 20, 2026	Input Validation Flaw in Dell PowerProtect Data Domain (v7.7-8.6) Enables RCE Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
CVE-2026-23774	Apr 20, 2026	Dell PowerProtect Data Domain OS cmd-injection remote exec 7.7.1.08.5 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.
CVE-2026-26944	Apr 20, 2026	Dell PowerProtect Data Domain 7.7.1.0-8.6 missing auth critical func: root exec Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. Exploitation requires an authenticated user to perform a specific action.
CVE-2026-23777	Apr 17, 2026	Dell PowerProtect DD OS Info Exposure Vulnerability (7.7.18.5) Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an exposure of sensitive information to an unauthorized actor vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information exposure.
CVE-2026-28263	Apr 17, 2026	XSS in Dell PowerProtect Data Domain OS v7.7-8.5, 8.3.1-20, 7.13.1-50 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a cross-site Scripting vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.
CVE-2025-46606	Apr 17, 2026	Excess Auth Attempts in Dell PowerProtect DD OS 8.48.5 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper restriction of excessive authentication attempts vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
CVE-2025-46605	Apr 17, 2026	Dell PowerProtect DDOS 8.4-8.5 Session Fixation Vulnerability Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain a session fixation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
CVE-2025-46641	Apr 17, 2026	Dell PowerProtect Data Domain DD OS 8.4-8.5 Improper Auth Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
CVE-2025-46607	Apr 17, 2026	Dell PowerProtect Data Domain DD OS 8.4-8.5 Improper Auth Vulnerability Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
CVE-2026-35073	Apr 17, 2026	Dell PowerProtect OS Command Injection v7.7.1.0-8.7.0.0 (LTS2025 8.3.1.0-20, LTS2024 7.13.1.0-60) Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS command injection vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
CVE-2026-35074	Apr 17, 2026	Dell PowerProtect Data Domain OS Command Injection (7.7.1.0-8.7.0.0) Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS Command Injection vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
CVE-2026-35072	Apr 17, 2026	OS Command Injection in Dell PowerProtect Data Domain 7.7.1.08.7.0.0 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS command ('OS command injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
CVE-2026-35153	Apr 17, 2026	Dell PowerProtect Data Domain: Arg Injection (cmd exec) pre-8.7.0.0, 8.3.1.020, 7.13.1.060 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of argument delimiters in a command ('argument injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
CVE-2026-23779	Apr 17, 2026	Dell PowerProtect DD OS 7.7-8.5/8.3.1.0-8.3.1.20 cmd injection root Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a command injection vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to gain root-level access.
CVE-2026-23776	Apr 17, 2026	Dell PowerProtect DD OS CVE-2026-23776 Improper Cert Validation v7.7.1.08.5 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain(s) an Improper Certificate Validation vulnerability in certificate-based login. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
CVE-2026-23778	Apr 17, 2026	Dell PowerProtect DD OS 7.7.1.0-8.5: Command Injection Root Access Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to gain root-level access.
CVE-2026-23775	Apr 17, 2026	Dell PowerProtect Data Domain DD OS 8.0-8.5 Log Sensitive Info Injection Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD OS) of Feature Release versions 8.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to credential exposures. Authentication attempts as the compromised user would need to be authorized by a high privileged DD user. This vulnerability only affects systems with retention lock enabled.
CVE-2025-36568	Apr 17, 2026	Dell PowerProtect BoostFS Client 7.7.1.0-8.5 Credential Exposure Vulnerability Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an insufficiently protected credentials vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to credential exposure. The attacker may be able to use the exposed credentials to access the system with privileges of the compromised account.
CVE-2026-23853	Apr 17, 2026	Dell PowerProtect Data Domain OS Weak Credentials Pre-8.5 Vulnerable Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a use of weak credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to the system.
CVE-2025-43937	Apr 16, 2026	Dell PowerScale OneFS <=9.12 Sensitive Log Info Leakage Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.	Powerscale Onefs
CVE-2025-43935	Apr 16, 2026	Dell PowerScale OneFS <9.12.0.0 Improper Resource Release Causes DoS Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.	Powerscale Onefs
CVE-2025-43883	Apr 16, 2026	Dell PowerScale OneFS <9.12.0.0: Local Privileged DoS via Improper Check Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.	Powerscale Onefs
CVE-2025-36579	Apr 16, 2026	Dell BIOS Weak Password Recovery Vulnerability Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leading to unauthorized access.
CVE-2026-23772	Apr 16, 2026	Dell Storage Manager 8.0 Improper Privilege Management via Replay Manager Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8.0, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.	Storage Manager
CVE-2026-28261	Apr 08, 2026	Dell ECS/ObjScale: Sensitive Log Data (Pre-3.8.1.7/4.1.0.3) CVE-2026-28261 Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to secret exposure. The attacker may be able to use the exposed secret to access the vulnerable system with privileges of the compromised account.	Elastic Cloud Storage Objectscale
CVE-2026-24511	Apr 08, 2026	Dell PowerScale OneFS 9.5-9.13 Sensitive Error Leak Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.0, contains a generation of error message containing sensitive information vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.	Powerscale Onefs
CVE-2026-27102	Apr 08, 2026	Dell PowerScale OneFS 9.5-9.13 Privilege Escalation via Incorrect Role Assignment Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.	Powerscale Onefs
CVE-2026-28264	Apr 08, 2026	Dell PowerProtect Agent Service <20.1 Invalid Permission Assignment Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
CVE-2026-22768	Apr 01, 2026	Dell AppSync 4.6.0: Privilege Escalation via Incorrect Permission Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.	Appsync