Description
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
Published: 2026-02-19
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Apply Patch
AI Analysis

Impact

Dell Unisphere for PowerMax version 10.2 has a missing authorization flaw that permits a low‑privileged attacker with remote access to gain unauthorized access to the system. The vulnerability effectively bypasses user‑level checks, allowing the attacker to view or manipulate data and administrative functions that should be restricted. This impact compromises both confidentiality and integrity of the data stored and managed by Unisphere for PowerMax.

Affected Systems

The affected product is Dell Unisphere for PowerMax, version 10.2, including configurations that use the Emulation Environment Manager (EEM). Products are identified by Dell:PowerMax and Dell:Unisphere for PowerMax. No other specific versions are listed as affected, but all deployments using Unisphere 10.2 should be considered vulnerable.

Risk and Exploitability

The CVSS base score of 8.8 classifies the vulnerability as high severity, while the EPSS score of less than 1% indicates a low probability of exploitation at present. The vulnerability is not present in the CISA Known Exploited Vulnerabilities catalog. The most likely attack vector is remote access from within a trusted network or a breached internal environment, because the attacker requires network connectivity to the Unisphere instance. Because the attack operates within normal business protocols, an attacker could achieve unauthorized data access or configuration changes without being detected by standard authentication controls.

Generated by OpenCVE AI on April 18, 2026 at 11:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell security update described in the Dell support article (KB000429268) to upgrade Unisphere for PowerMax to the patched version.
  • Restrict remote access to the Unisphere management console to known trusted IP addresses or through a VPN, and enforce strong authentication methods for all remote connections.
  • Conduct a privilege review of all user accounts in Unisphere and enforce the principle of least privilege.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 12:15:00 +0000

Type | Values Removed | Values Added
Title | | Missing Authorization Enables Unauthorized Access in Dell Unisphere for PowerMax

Wed, 25 Feb 2026 17:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 20 Feb 2026 21:00:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:dell:unisphere_for_powermax:*:*:*:*:*:*:*:*; cpe:2.3:a:dell:unisphere_for_powermax:*:*:*:*:eem:*:*:*

Fri, 20 Feb 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Dell; Dell powermax Os; Dell unisphere For Powermax
Vendors & Products | | Dell; Dell powermax Os; Dell unisphere For Powermax

Thu, 19 Feb 2026 09:15:00 +0000

Type | Values Removed | Values Added
Description | | Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
Weaknesses | | CWE-862
References | |
Metrics | | cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-02-26T14:44:14.789Z

Reserved: 2026-02-13T18:05:27.825Z

Link: CVE-2026-26358

Vulnrichment

Updated: 2026-02-25T16:00:28.000Z

NVD

Status: Analyzed

Published: 2026-02-19T09:16:25.417

Modified: 2026-02-20T20:58:36.483

Link: CVE-2026-26358

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T12:00:05Z

Weaknesses