Description
Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) a Host Header Injection vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to trigger redirections.
Published: 2026-06-17
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a Host Header Injection in Dell PowerFlex Manager in versions prior to 5.1.0.1 that allows an unauthenticated remote attacker to send a malicious Host header and trigger HTTP redirects to arbitrary URLs. This flaw can cause users to be redirected to attacker‑controlled sites. The flaw does not enable execution, data disclosure, or other direct impacts beyond the redirect effect.

Affected Systems

Dell PowerFlex Manager, versions prior to 5.1.0.1, is affected.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate risk, while the EPSS of less than 1% suggests low exploitation probability. The issue is not listed in the CISA KEV catalog. Attack vector is remote and unauthenticated, requiring network access to the PowerFlex Manager interface. Exploitation would involve crafting an HTTP request with a malicious Host header to force the system to redirect users to malicious destinations.

Generated by OpenCVE AI on June 25, 2026 at 16:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Dell’s patch for PowerFlex Manager versions prior to 5.1.0.1 that fixes the Host Header Injection (see Dell KB doc).
  • If the patch is not available, upgrade to the latest PowerFlex Manager firmware where the issue has been resolved.
  • As a temporary measure, restrict the Management interface to a trusted network segment or enable host‑header validation on the web server to reject requests with unexpected Host values.
  • Monitor for unusual redirects or HTTP anomalies and keep the system’s host‑header handling configuration updated.

Generated by OpenCVE AI on June 25, 2026 at 16:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Title Host Header Injection Allowing Unauthenticated Redirection in Dell PowerFlex RCM

Thu, 25 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
Description Dell PowerFlex rack, version(s) RCM 3.7/3.7, contain(s) a Host Header Injection vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to trigger redirections. Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) a Host Header Injection vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to trigger redirections.

Thu, 18 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Title Host Header Injection Allowing Unauthenticated Redirection in Dell PowerFlex RCM

Thu, 18 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell powerflex Rack
Vendors & Products Dell
Dell powerflex Rack

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Description Dell PowerFlex rack, version(s) RCM 3.7/3.7, contain(s) a Host Header Injection vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to trigger redirections.
Weaknesses CWE-601
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Subscriptions

Dell Powerflex Rack
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-06-25T13:06:00.032Z

Reserved: 2025-04-10T05:03:51.740Z

Link: CVE-2025-32748

cve-icon Vulnrichment

Updated: 2026-06-17T17:28:49.408Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T16:30:15Z

Weaknesses
  • CWE-601

    URL Redirection to Untrusted Site ('Open Redirect')