Description
Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00.xx, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker within the management network could potentially exploit this vulnerability, leading to remote execution.
Published: 2026-04-01
Score: 4.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Execution
Action: Patch Now
AI Analysis

Impact

The vulnerability is an improper limitation of a pathname to a restricted directory, also known as Path Traversal. It allows a high‑privileged attacker who has access to the management network to upload or reference files outside the intended directory, potentially leading to the execution of arbitrary code on the Dell Secure Connect Gateway appliance or application.

Affected Systems

It affects Dell Secure Connect Gateway 5.0 Appliance and Application within version range 5.28.00.xx to 5.32.00.xx. Users running any of those build numbers are potentially vulnerable.

Risk and Exploitability

The CVSS score of 4.7 indicates moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation. Because the attack requires privileged access to the internal management network, the vector is not publicly exposed. The vulnerability is currently not listed in CISA’s KEV catalog, but once upstream patches are applied the risk is mitigated.

Generated by OpenCVE AI on April 2, 2026 at 23:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell Secure Connect Gateway security update recommended in the Dell advisory

Generated by OpenCVE AI on April 2, 2026 at 23:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:dell:secure_connect_gateway:*:*:*:*:-:*:*:*
cpe:2.3:a:dell:secure_connect_gateway:*:*:*:*:application:*:*:*

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Secure Connect Gateway Path Traversal Allowing Remote Execution by Privileged Attacker
First Time appeared Dell
Dell secure Connect Gateway
Vendors & Products Dell
Dell secure Connect Gateway

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 01 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Description Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00.xx, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker within the management network could potentially exploit this vulnerability, leading to remote execution.
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L'}

Subscriptions

Dell Secure Connect Gateway
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-04-02T03:55:54.422Z

Reserved: 2026-02-17T18:05:21.466Z

Link: CVE-2026-27101

cve-icon Vulnrichment

Updated: 2026-04-01T13:32:29.055Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-01T08:16:05.270

Modified: 2026-04-02T20:42:37.060

Link: CVE-2026-27101

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-03T09:19:13Z

Weaknesses