Dell PowerFlex Manager: SQL Injection via Improper Neutralization
CVE-2026-35068 Published on June 17, 2026

Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to information disclosure.

Vendor Advisory NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

NONE

Availability Impact:

NONE

Weakness Type

What is a SQL Injection Vulnerability?

The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

CVE-2026-35068 has been classified to as a SQL Injection vulnerability or weakness.

Affected Versions

Dell PowerFlex:

Before 5.1.0.1 or later is affected.
Before 4.5.5.2 or later is affected.

Dell PowerFlex Manager: SQL Injection via Improper NeutralizationCVE-2026-35068 Published on June 17, 2026

Vulnerability Analysis

Weakness Type

What is a SQL Injection Vulnerability?

Affected Versions

Dell PowerFlex Manager: SQL Injection via Improper Neutralization
CVE-2026-35068 Published on June 17, 2026