Dell
Known Exploited Dell Vulnerabilities
The following Dell vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability | Dell RecoverPoint for Virtual Machines (RP4VMs) contains a use of hard-coded credentials vulnerability that could allow an unauthenticated remote attacker to gain unauthorized access to the underlying operating system and root-level persistence. CVE-2026-22769 Exploit Probability: 13.1% | February 18, 2026 |
| Dell dbutil Driver Insufficient Access Control Vulnerability | Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service, or information disclosure. CVE-2021-21551 Exploit Probability: 57.5% | March 31, 2022 |
2 known exploited Dell vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
By the Year
In 2026 there have been 171 vulnerabilities in Dell with an average score of 6.5 out of ten. Last year, in 2025, Dell had 204 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Dell in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 0.31.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 171 | 6.46 |
| 2025 | 204 | 6.77 |
| 2024 | 219 | 7.07 |
| 2023 | 168 | 6.97 |
| 2022 | 129 | 7.20 |
| 2021 | 139 | 6.94 |
| 2020 | 35 | 7.45 |
| 2019 | 54 | 7.32 |
| 2018 | 57 | 7.21 |
It may take a day or so for new Dell vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Dell Security Vulnerabilities
| CVE | Date | Title | Description | Products |
|---|---|---|---|---|
| CVE-2026-40711 | Jun 26, 2026 | OS Command Injection in Dell Container Storage Modules v2.16.0 (csi-*) | Dell Container Storage Modules, version(s) csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | |
| CVE-2026-46735 | Jun 25, 2026 | Dell DDPM Mac OS Cmd Injection <2.3 | Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. | |
| CVE-2026-46734 | Jun 25, 2026 | Dell DDPM Mac <2.3 Improper Cert Validation Insecure Local Bypass | Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass. | |
| CVE-2026-46732 | Jun 25, 2026 | Dell DDPM Mac <=2.3 Race Condition Elevation of Privileges | Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | |
| CVE-2026-41120 | Jun 25, 2026 | Dell Wyse WMS 5.5 HF1 RCE via Untrusted Data | Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution. | |
| CVE-2026-49506 | Jun 25, 2026 | Dell Wyse Management Suite 5.5 HF1 - Path Traversal RCE (CVE-2026-49506) | Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution. | |
| CVE-2026-46733 | Jun 25, 2026 | Dell DDPM Windows <2.3 Improper Access Control Low-Priv Local Code Exec | Dell Display and Peripheral Manager (DDPM Windows), versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | |
| CVE-2026-44271 | Jun 22, 2026 | Dell Wyse Management Suite (WMS) SQLI in Versions <2605 | Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access. | |
| CVE-2026-44272 | Jun 22, 2026 | Dell Wyse Mgmt Suite SQLi in WMS <2605 | Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access. | |
| CVE-2026-44273 | Jun 22, 2026 | Dell WMS <=2605 Default Credentials Vulnerability | Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain a Use of Default Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure. | |
| CVE-2026-44274 | Jun 22, 2026 | Dell WMS Improper Link Resolution File Access L0 | Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Link Resolution Before File Access vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. | |
| CVE-2026-46461 | Jun 19, 2026 | Dell Server HW Manager <3.2.2 Improper Access Control enabling LPE | Dell Server Hardware Manager, versions prior to 3.2.2, contains an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | |
| CVE-2026-32652 | Jun 17, 2026 | Dell AIOps Collector <1.18.3: Default Credentials Allow Filesystem Access | Dell AIOps Collector versions prior to 1.18.3 contain a "Use of Default Credentials" vulnerability. A low privileged attacker with console access could potentially exploit this vulnerability to gain Filesystem access. This vulnerability only affects fresh installations of Collector versions earlier than 1.18.3. Systems that have been upgraded (either manually or automatically) to version 1.18.3 or later are not impacted, even if they were originally installed on an earlier version. | |
| CVE-2025-32748 | Jun 17, 2026 | Dell PowerFlex Rack 3.7 Host Header Injection (RCM) | Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) a Host Header Injection vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to trigger redirections. | |
| CVE-2026-35069 | Jun 17, 2026 | Dell PowerFlex Manager: SQL Injection via unsanitized input (CVE-2026-35069) | Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection. | |
| CVE-2026-35068 | Jun 17, 2026 | Dell PowerFlex Manager: SQL Injection via Improper Neutralization | Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to information disclosure. | |
| CVE-2026-35066 | Jun 17, 2026 | Dell PowerFlex Manager Improper Access Control DoS | Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service. | |
| CVE-2026-35067 | Jun 17, 2026 | Dell PowerFlex Manager Improper Access Control Allows Priv Esc | Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Access Control vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges and Unauthorized access. | |
| CVE-2026-35162 | Jun 17, 2026 | Dell PowerFlex Manager Improper Access Control Vulnerability (CVE-2026-35162) | Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service. | |
| CVE-2026-35065 | Jun 17, 2026 | Dell PowerFlex Manager Missing Auth Critical Function CVE-2026-35065 | Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Code execution, Denial of service, Information disclosure, Information tampering, Remote execution, Script injection, and Unauthorized access. | |
| CVE-2026-32804 | Jun 17, 2026 | Dell PowerFlex Manager Improper Auth Vulnerability (CVE-2026-32804) | Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Unauthorized access. | |
| CVE-2026-49502 | Jun 17, 2026 | Dell PowerFlex Manager Improper Auth Enables Unauth Access | Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure, Information tampering, and Unauthorized access. | |
| CVE-2026-22283 | Jun 17, 2026 | Dell PowerFlex Manager (v<4.8): Untrusted Control Sphere Info Disclosure | Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. | |
| CVE-2026-40641 | Jun 17, 2026 | Dell PowerFlex Manager 4.6.0.1 Uses Weak Crypto (CVE-2026-40641) | Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering. | |
| CVE-2024-47477 | Jun 17, 2026 | Dell PowerFlex Manager 4.5.1.1 Improper Cert Validation MITM | Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack in tandem with DNS cache poisoning. | |
| CVE-2024-39575 | Jun 16, 2026 | Dell Update_disk_psu_baseline.sh plain text password issue (CVE-2024-39575) | update_disk_psu_baseline.sh requires password in plain text | |
| CVE-2024-38487 | Jun 16, 2026 | API Gateway Container PrivEsc via Host Access (CVE-2024-38487) | api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unintended actions. | |
| CVE-2024-30476 | Jun 16, 2026 | Dell PowerStore Manager Stored XSS Vulnerability | PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, it could lead to script execution in the client browser. | |
| CVE-2024-24909 | Jun 16, 2026 | RCE & PrivEsc in Dell OM Gateway Plugin for WIN Admin Center | Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin. A remote authenticated user could potentially exploit this vulnerability to escalate privileges. The malicious user may gain the ability to run arbitrary code remotely. This is a high severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity. | |
| CVE-2024-22451 | Jun 16, 2026 | CVE-2024-22451: Dell Peripheral Manager 1.5.1-1.7.2 UCSP (ACE) | Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious executable, leading to arbitrary code execution. | |
| CVE-2024-22447 | Jun 16, 2026 | Dell Peripheral Manager <1.7.3 Uncontrolled Search Path (DLL Preload) | Dell Peripheral Manager, versions prior to 1.7.3, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious dll, leading to arbitrary code execution. | |
| CVE-2026-40639 | Jun 09, 2026 | Dell Client BIOS Weak Encoding Password EE Privilege Escalation | Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of Privileges. | |
| CVE-2026-44275 | Jun 09, 2026 | Dell Alienware Purchased Apps <1.1.32.0 Link Following File Write | Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write. | |
| CVE-2026-41116 | Jun 09, 2026 | Dell InvColl Client <13.8.0 LFR -> Arbitrary File Write | Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write. | |
| CVE-2026-28262 | Jun 09, 2026 | Dell iDRAC Tools <11.4.1.0 Improper Link Resolution (Info Tampering) | Dell iDRAC Tools, versions prior to 11.4.1.0, contains an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering. | |
| CVE-2025-46638 | Jun 04, 2026 | Dell BSAFE SSL-J DoS via Unbounded Resource Allocation | Dell BSAFE SSL-J contains an allocation of resources without limits or throttling vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to a Denial of Service (DoS). | |
| CVE-2026-40715 | Jun 02, 2026 | Dell ThinOS 10 Improper Access Control ( 2602_10.0765) - Privilege Escalation | Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Privilege Escalation. | |
| CVE-2026-40713 | Jun 02, 2026 | Dell ThinOS 10 Improper Access Control (before 2602_10.0765) | Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access control vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information exposure. | |
| CVE-2022-34363 | May 22, 2026 | Dell Unisphere PowerMax vApp <10.0.0.2 Auth Bypass | Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains an authorization bypass vulnerability in the Unisphere for VMAX application running in vApp | And others... |
| CVE-2022-31231 | May 22, 2026 | CVE-2022-31231: Improper Access Control in Dell ECS 3.5/3.6 IAM Module | Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management (IAM) module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data. | |
| CVE-2021-21508 | May 22, 2026 | Dell VxRail Manager < 7.0.200: Plain-text Password Storage CVE-2021-21508 | Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |
| CVE-2025-32751 | May 22, 2026 | Dell PowerFlex Manager <=4.6.2: Insecure Storage of Sensitive Info | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information. | |
| CVE-2025-46371 | May 22, 2026 | Dell PowerFlex Manager <=4.6.2 SSH Uses Broken Crypto Local Privileged Bypass | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass. | |
| CVE-2025-26483 | May 22, 2026 | Dell PowerFlex Manager <=4.6.2: Unauth Open Redirect Vulnerability | Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Redirect Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. | |
| CVE-2025-32745 | May 22, 2026 | Dell PowerFlex Manager <=4.6.2 Improper Cert Validation (Info Tampering) | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering. | |
| CVE-2025-32746 | May 22, 2026 | Dell PowerFlex Manager <=4.6.2 Insecure Storage of Info Vulnerability | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information. | |
| CVE-2025-32747 | May 22, 2026 | Dell PowerFlex Manager <=4.6.2: Incorrect Privilege Assignment (Low Priv Esc) | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | |
| CVE-2025-32749 | May 22, 2026 | Dell PowerFlex Mgr <=4.6.2 Dir Listing Info Exposure | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | |
| CVE-2025-32750 | May 20, 2026 | Dell PowerFlex Manager 4.6.2 Directory Listing Info Disclosure | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | |
| CVE-2026-35070 | May 20, 2026 | Dell SmartFabric Storage Software <1.4.5 Command Injection Vulnerability | Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker. | |