Description
Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
Published: 2026-06-17
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dell PowerFlex Manager versions prior to 5.1.0.1 contain an inclusion of functionality from an untrusted control sphere that allows an unauthenticated attacker with remote access to potentially disclose information. This flaw is classified as CWE-829 and represents a data‑related weakness that can compromise confidentiality by leaking data from the system.

Affected Systems

The affected system is Dell PowerFlex Manager, specifically all releases before version 5.1.0.1, running on Dell PowerFlex infrastructure; devices operating these management components are vulnerable.

Risk and Exploitability

The CVSS score of 7.5 reflects a high impact, while the EPSS score of less than one percent indicates a very low probability of exploitation currently; Dell has not listed this vulnerability in the CISA KEV catalog; exploitation would require remote, unauthenticated access to the manager’s control sphere, and the attacker could send specially crafted requests to trigger the vulnerability and extract data.

Generated by OpenCVE AI on June 25, 2026 at 16:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell PowerFlex Security Update DSA-2026-066 to upgrade to version 5.1.0.1 or later.
  • Restrict network access to the PowerFlex Manager management interface to trusted hosts only and enforce strong authentication controls.
  • Monitor PowerFlex Manager logs for anomalous access attempts and conduct regular security assessments to ensure no residual vulnerabilities remain.

Generated by OpenCVE AI on June 25, 2026 at 16:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell powerflex
Vendors & Products Dell
Dell powerflex

Thu, 25 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Title Dell PowerFlex Manager: Untrusted Control Sphere Inclusion Causes Information Disclosure

Thu, 25 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
Description Dell PowerFlex Manager, version(s) Version prior to 4.8, contain(s) an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Description Dell PowerFlex Manager, version(s) Version prior to 4.8, contain(s) an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
Weaknesses CWE-829
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-06-25T12:59:08.727Z

Reserved: 2026-01-07T07:17:24.537Z

Link: CVE-2026-22283

cve-icon Vulnrichment

Updated: 2026-06-17T15:38:13.832Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:41:09Z

Weaknesses
  • CWE-829

    Inclusion of Functionality from Untrusted Control Sphere