Dell Dell

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Dell product.

RSS Feeds for Dell security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Dell products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Dell Sorted by Most Security Vulnerabilities since 2018

Dell Powerscale Onefs98 vulnerabilities

Dell Wyse Management Suite56 vulnerabilities

Dell Smartfabric Os1032 vulnerabilities

Dell Unity29 vulnerabilities

Dell Secure Connect Gateway28 vulnerabilities

Dell Bsafe Micro Edition Suite28 vulnerabilities

Dell Bsafe Ssl J19 vulnerabilities

Dell Powerprotect Data Manager18 vulnerabilities

Dell Alienware Command Center17 vulnerabilities

Dell Unisphere For Powermax17 vulnerabilities

Dell Cloudlink16 vulnerabilities

Dell Objectscale13 vulnerabilities

Dell Supportassist13 vulnerabilities

Dell Command Update12 vulnerabilities

Dell Elastic Cloud Storage12 vulnerabilities

Dell Openmanage Enterprise12 vulnerabilities

Dell Networker11 vulnerabilities

Dell Bsafe Crypto J10 vulnerabilities

Dell Insightiq10 vulnerabilities

Dell Networking Os109 vulnerabilities

Dell Controlvault38 vulnerabilities

Dell Digital Delivery8 vulnerabilities

Dell Alienware Update7 vulnerabilities

Dell Appsync7 vulnerabilities

Dell Avamar Server7 vulnerabilities

Dell Repository Manager7 vulnerabilities

Dell Storage Manager7 vulnerabilities

Dell Encryption7 vulnerabilities

Dell Display Manager6 vulnerabilities

Dell Emc Appsync6 vulnerabilities

Dell Update6 vulnerabilities

Dell Thinos6 vulnerabilities

Dell Peripheral Manager6 vulnerabilities

Dell Powerstoreos5 vulnerabilities

Dell Command Monitor5 vulnerabilities

Dell Data Lakehouse5 vulnerabilities

Dell Enterprise Sonic Os5 vulnerabilities

Dell Power Manager5 vulnerabilities

Dell Unisphere 3605 vulnerabilities

Dell Common Event Enabler4 vulnerabilities

Dell Idrac94 vulnerabilities

Known Exploited Dell Vulnerabilities

The following Dell vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability Dell RecoverPoint for Virtual Machines (RP4VMs) contains an use of hard-coded credentials vulnerability that could allow an unauthenticated remote attacker to gain unauthorized access to the underlying operating system and root-level persistence.
CVE-2026-22769 Exploit Probability: 13.1%
February 18, 2026
Dell dbutil Driver Insufficient Access Control Vulnerability Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service, or information disclosure.
CVE-2021-21551 Exploit Probability: 57.5%
March 31, 2022

2 known exploited Dell vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

By the Year

In 2026 there have been 194 vulnerabilities in Dell with an average score of 6.4 out of ten. Last year, in 2025 Dell had 204 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Dell in 2026 could surpass last years number. Last year, the average CVE base score was greater by 0.39




Year Vulnerabilities Average Score
2026 194 6.38
2025 204 6.77
2024 219 7.07
2023 168 6.97
2022 129 7.20
2021 139 6.94
2020 35 7.45
2019 54 7.32
2018 57 7.21

It may take a day or so for new Dell vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Dell Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-53479 Jul 07, 2026
Dell PowerProtect Data Domain OS Command Injection 7.7.1.0-8.8 CVE-2026-53479 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 containan improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to protection mechanism bypass. This is a Critical vulnerability as it allows an attacker to invoke arbitrary command execution with root privileges; so Dell recommends customers to upgrade at the earliest opportunity.
CVE-2026-53481 Jul 07, 2026
CVE-2026-53481 Dell PowerProtect Data Domain 7.7.1.0-8.7 Improper Path Traversal Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to the system. This is a critical severity vulnerability as it allows an attacker to take complete control of system; so Dell recommends customers to upgrade at the earliest opportunity.
CVE-2026-53483 Jul 07, 2026
Dell PowerProtect Data Domain Improper Auth (v7.7.1.0-8.7) Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 an improper authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access. This is a critical severity vulnerability as it allows an attacker to take complete control of system; so Dell recommends customers to upgrade at the earliest opportunity.
CVE-2026-49813 Jul 03, 2026
Dell PowerProtect Data Domain OS Command Injection 7.7.1.0-8.7 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution.
CVE-2026-49814 Jul 03, 2026
OS Command Injection in Dell PowerProtect Data Domain v7.7.1-8.7 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.
CVE-2026-49815 Jul 03, 2026
Dell PowerProtect Data Domain OS Command Injection (8.7) Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to execution of arbitrary OS commands.
CVE-2026-53478 Jul 03, 2026
Dell PPD OS Command Injection V7.7.1.0-8.7 (CVE-2026-53478) Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to command execution.
CVE-2026-46463 Jul 03, 2026
Int Overfl Dell PowerProtect Data Domain (v7.7.1.08.7) Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
CVE-2026-46464 Jul 03, 2026
Dell PowerProtect Data Domain v8.7 Improper Link Resolution (Link Following) Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.
CVE-2026-46465 Jul 03, 2026
Dell PowerProtect Data Domain pre-8.7 format string vulnerability Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of externally-controlled format string vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and denial of service.
CVE-2026-46466 Jul 03, 2026
Dell PowerProtect DD: Less Trusted Source Use Vulnerability (v7.7.1-8.7, LTS2024-2026) Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of less trusted source vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering.
CVE-2026-46467 Jul 03, 2026
Dell PowerProtect Data Domain log files expose sensitive info (v7.7.1.0-8.7) Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.
CVE-2026-46468 Jul 03, 2026
Dell PowerProtect Data Domain (7.7.1-8.7) Improper Link Resolution: Info Exposure Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.
CVE-2026-46730 Jul 03, 2026
Dell PowerProtect Data Domain 7.7.1.08.7 Incorrect Auth Unauth Cmd Exec Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect authorization vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized command execution.
CVE-2026-56085 Jul 03, 2026
Dell PowerProtect Data Domain Uninitialized Resource Vulnerability (<=8.7) Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of uninitialized resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.
CVE-2026-26355 Jul 03, 2026
Dell PowerProtect Data Domain OS Command Injection (CVE-2026-26355) Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to command execution.
CVE-2026-54483 Jul 03, 2026
OS Command Injection in Dell PowerProtect Data Domain 7.7.1.0-8.6 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
CVE-2026-41123 Jul 03, 2026
Dell PowerProtect Data Domain 7.7.1.08.6 Improper Access Control RBAC Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper access control vulnerability in the RBAC. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering.
CVE-2026-41124 Jul 03, 2026
Dell PowerProtect Data Domain Path Traversal Vulnerability 7.7.1.08.6 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper limitation of a pathname to a restricted directory ('path traversal') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
CVE-2026-44268 Jul 03, 2026
Dell PowerProtect DataDomain 7.7+ - High Priv Local Attack Unauthorized Access Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect permission Assignment for critical resource vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.
CVE-2026-44269 Jul 03, 2026
Dell PowerProtect Data Domain Improper Link Res Before File Access (V 7.78.6) Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.
CVE-2026-35159 Jul 03, 2026
Dell Client Platform BIOS Auth Bypass -> Info Disclosure Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.
CVE-2026-41121 Jul 01, 2026
Dell Device Management Agent <26.05 Improper Link Resolution CVE-2026-41121 Dell Device Management Agent, versions prior to DDMA 26.05, contain an Improper Link Resolution Before File Access ('Link Following) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
CVE-2026-40711 Jun 26, 2026
OS Command Injection in Dell Container Storage Modules v2.16.0 (csi-*) Dell Dell Container Storage Modules, version(s) csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
Container Storage Modules
CVE-2026-46735 Jun 25, 2026
Dell DDPM Mac OS Cmd Injection <2.3 Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
CVE-2026-46734 Jun 25, 2026
Dell DDPM Mac <2.3 Improper Cert Validation Insecure Local Bypass Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass.
CVE-2026-46732 Jun 25, 2026
Dell DDPM Mac <=2.3 Race Condition Elevation of Privileges Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
CVE-2026-41120 Jun 25, 2026
Dell Wyse WMS 5.5 HF1 RCE via Untrusted Data Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution.
Wyse Management Suite
CVE-2026-49506 Jun 25, 2026
Dell Wyse Management Suite 5.5 HF1 - Path Traversal RCE (CVE-2026-49506) Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution.
Wyse Management Suite
CVE-2026-46733 Jun 25, 2026
Dell DDPM Windows <2.3 Improper Access Control Low-Priv Local Code Exec Dell Display and Peripheral Manager (DDPM Windows), versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
CVE-2026-44271 Jun 22, 2026
Dell Wyse Management Suite (WMS) SQLI in Versions <2605 Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
Wyse Management Suite
CVE-2026-44272 Jun 22, 2026
Dell Wyse Mgmt Suite SQLi in WMS <2605 Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
Wyse Management Suite
CVE-2026-44273 Jun 22, 2026
Dell WMS <=2605 Default Credentials Vulnerability Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain a Use of Default Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure.
Wyse Management Suite
CVE-2026-44274 Jun 22, 2026
Dell WMS Improper Link Resolution File Access L0 Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Link Resolution Before File Access vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.
Wyse Management Suite
CVE-2026-46461 Jun 19, 2026
Dell Server HW Manager <3.2.2 Improper Access Control enabling LPE Dell Server Hardware Manager, versions prior to 3.2.2, contains an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
CVE-2026-32652 Jun 17, 2026
Dell AIOps Collector <1.18.3: Default Credentials Allow Filesystem Access Dell AIOps Collector versions prior to 1.18.3 contain a "Use of Default Credentials" vulnerability. A low privileged attacker with console access could potentially exploit this vulnerability to gain Filesystem access. This vulnerability only affects fresh installations of Collector versions earlier than 1.18.3. Systems that have been upgraded (either manually or automatically) to version 1.18.3 or later are not impacted, even if they were originally installed on an earlier version.
CVE-2025-32748 Jun 17, 2026
Dell PowerFlex Rack 3.7 Host Header Injection (RCM) Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) a Host Header Injection vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to trigger redirections.
CVE-2026-35069 Jun 17, 2026
Dell PowerFlex Manager: SQL Injection via unsanitized input (CVE-2026-35069) Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection.
CVE-2026-35068 Jun 17, 2026
Dell PowerFlex Manager: SQL Injection via Improper Neutralization Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to information disclosure.
CVE-2026-35066 Jun 17, 2026
Dell PowerFlex Manager Improper Access Control DoS Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
CVE-2026-35067 Jun 17, 2026
Dell PowerFlex Manager Improper Access Control Allows Priv Esc Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Access Control vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges and Unauthorized access.
CVE-2026-35162 Jun 17, 2026
Dell PowerFlex Manager Improper Access Control Vulnerability (CVE-2026-35162) Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
CVE-2026-35065 Jun 17, 2026
Dell PowerFlex Manager Missing Auth Critical Function CVE-2026-35065 Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Code execution, Denial of service, Information disclosure, Information tampering, Remote execution, Script injection, and Unauthorized access.
CVE-2026-32804 Jun 17, 2026
Dell PowerFlex Manager Improper Auth Vulnerability (CVE-2026-32804) Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Unauthorized access.
CVE-2026-49502 Jun 17, 2026
Dell PowerFlex Manager Improper Auth Enables Unauth Access Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure, Information tampering, and Unauthorized access.
CVE-2026-22283 Jun 17, 2026
Dell PowerFlex Manager (v<4.8): Untrusted Control Sphere Info Disclosure Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
CVE-2026-40641 Jun 17, 2026
Dell PowerFlex Manager 4.6.0.1 Uses Weak Crypto (CVE-2026-40641) Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering.
CVE-2024-47477 Jun 17, 2026
Dell PowerFlex Manager 4.5.1.1 Improper Cert Validation MITM Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack in tandem with DNS cache poisoning.
CVE-2024-39575 Jun 16, 2026
Dell Update_disk_psu_baseline.sh plain text password issue (CVE-2024-39575) update_disk_psu_baseline.sh requires password in plain text
CVE-2024-38487 Jun 16, 2026
API Gateway Container PrivEsc via Host Access (CVE-2024-38487) api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unintended actions.
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.