Description
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
Published: 2026-02-19
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information disclosure
Action: Patch
AI Analysis

Impact

Dell Unisphere for PowerMax version 10.2 contains an External Control of File Name or Path vulnerability (CWE‑73). A remote attacker with low privileges can influence the file path requested by the application, enabling disclosure of sensitive data on the underlying system. The impact is a loss of confidentiality; no evidence of integrity or availability compromise is indicated.

Affected Systems

Dell PowerMax and Dell Unisphere for PowerMax are affected. The specific vulnerable version is 10.2. The affected components include the Unisphere for PowerMax service and its EEM module.

Risk and Exploitability

The CVSS score is 6.5, indicating medium severity, while the EPSS score is below 1%, meaning the likelihood of exploitation is very low at present. The vulnerability is not listed in the CISA KEV catalog. The attack vector is remote; a low‑privileged attacker must have network access to the Dell Unisphere for PowerMax interface to manipulate file paths and read protected files.

Generated by OpenCVE AI on April 17, 2026 at 18:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the update for Unisphere for PowerMax issued by Dell (see the Dell security advisory for version 10.2 or later).
  • Restrict or remove low‑privileged accounts that have remote access to Unisphere, limiting their ability to request arbitrary file paths.
  • Configure file system permissions and ensure that the Unisphere service validates or sanitizes any file path inputs before accessing the file system.



Advisories

No advisories yet.

History

Fri, 20 Feb 2026 21:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:dell:unisphere_for_powermax:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:unisphere_for_powermax:*:*:*:*:eem:*:*:*

Fri, 20 Feb 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell powermax Os
Dell unisphere For Powermax
Vendors & Products Dell
Dell powermax Os
Dell unisphere For Powermax

Fri, 20 Feb 2026 01:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 19 Feb 2026 08:30:00 +0000

Type Values Removed Values Added
Description Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
Weaknesses CWE-73
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-02-19T21:30:41.803Z

Reserved: 2026-02-13T18:05:27.826Z

Link: CVE-2026-26361

Vulnrichment

Updated: 2026-02-19T21:30:25.504Z

NVD

Status: Analyzed

Published: 2026-02-19T09:16:25.900

Modified: 2026-02-20T20:59:17.350

Link: CVE-2026-26361

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T18:15:26Z

Weaknesses