Dell Unisphere For Powermax

Dell Unisphere PowerMax 10.2 MA: Low Priv Remote Unauthorized Access
CVE-2026-26358 8.8 - High - February 19, 2026

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

AuthZ

Dell Unisphere for PowerMax v10.2: Extrl Control of File Name/Path Delete
CVE-2026-26360 8.1 - High - February 19, 2026

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files.

External Control of File Name or Path

Dell Unisphere for PowerMax 10.2 EAFP: External Control of File Name/Path
CVE-2026-26359 8.8 - High - February 19, 2026

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files.

External Control of File Name or Path

Dell Unisphere for PowerMax 10.2 Relative Path Traversal
CVE-2026-26362 8.1 - High - February 19, 2026

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized modification of critical system files.

Relative Path Traversal

Dell Unisphere for PowerMax 10.2: External Ctrl. File Name Path
CVE-2026-26361 6.5 - Medium - February 19, 2026

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

External Control of File Name or Path

Dell Unisphere PowerMax 9.2.4.X XSS Vulnerability (CVE-2026-26357)
CVE-2026-26357 5.4 - Medium - February 17, 2026

Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

XSS

Dell Unisphere for PowerMax vApp 9.2.4.x XSS (Improper Input Neutralization)
CVE-2026-23861 5.4 - Medium - February 17, 2026

Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

XSS

Dell Unisphere for PowerMax 10.2.0.x SQLi Enables Remote Exec
CVE-2025-36588 8.8 - High - January 22, 2026

Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

SQL Injection

Dell Unisphere for PowerMax 9.2.4.x: Improper XML External Entity Restriction
CVE-2025-36589 7.6 - High - January 06, 2026

Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data and resources outside of the intended sphere of control.

XXE

LDAP Injection in Dell Unisphere PowerMax <10.2.0.9 / <9.2.4.15
CVE-2025-27686 - April 07, 2025

Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

LDAP Injection

Dell EMC Unisphere PowerMax <9.1.0.27 Improper Cert Validation (MIM)
CVE-2021-21548 7.4 - High - March 17, 2023

Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual Appliance versions before 9.1.0.27, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victims data in transit.

Improper Certificate Validation

Privilege Escalation in Dell EMC Unisphere for PowerMax <9.2.3.15
CVE-2022-31233 8 - High - August 31, 2022

Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.

Incorrect Resource Transfer Between Spheres

The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts
CVE-2021-36339 7.8 - High - January 21, 2022

The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance.

Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability
CVE-2021-36338 8 - High - January 21, 2022

Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338.

Reliance on Cookies without Validation and Integrity Checking

Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability
CVE-2021-21531 7.8 - High - April 30, 2021

Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions.

Incorrect Resource Transfer Between Spheres

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9
CVE-2019-18588 - January 10, 2020

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users' sessions.

XSS