Description
PowerStore contains a Path Traversal vulnerability in the Service user. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.
Published: 2026-04-01
Score: 4.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local File Modification
Action: Patch
AI Analysis

Impact

The PowerStore appliance exposes a path traversal flaw within its Service user account. An adversary with local access and only low privileges can exploit this weakness to modify any system file outside the Service user’s working directory. This lets the attacker alter critical configuration or operational files, compromising the integrity of the storage system.

Affected Systems

Affected devices are Dell PowerStore appliances, including the PowerStore 1000T, 1200T, 3000T, 3200Q, 3200T, 5000T, 500T, 5200Q, 5200T, 7000T, 9000T, and 9200T. No specific version data is provided.

Risk and Exploitability

The CVSS score of 4.4 reflects moderate severity because the vulnerability impacts only files accessible to the Service user. The EPSS score of less than 1% indicates that exploitation is unlikely to occur in the wild, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires local presence with a Service user account; this is inferred from the description, which states that a low-privileged attacker with local access could potentially exploit the flaw.

Generated by OpenCVE AI on April 2, 2026 at 23:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell PowerStore security update referenced in the Dell KB (https://www.dell.com/support/kbdoc/en-us/000444169/dsa-2026-157-dell-powerstore-t-security-update-for-multiple-vulnerabilities).
  • If an immediate patch cannot be applied, restrict or disable the Service user account to block the path traversal capability.
  • After applying the update or disabling the account, verify the integrity of critical system files and review audit logs for unauthorized changes.
  • Continuously monitor the system for abnormal file write activity to detect any future attempts.

Generated by OpenCVE AI on April 2, 2026 at 23:20 UTC.

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Title Path Traversal in Dell PowerStore Service User Allows Local File Modification
First Time appeared Dell powerstore
Vendors & Products Dell powerstore

Thu, 02 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell powerstore 1000t
Dell powerstore 1200t
Dell powerstore 3000t
Dell powerstore 3200q
Dell powerstore 3200t
Dell powerstore 5000t
Dell powerstore 500t
Dell powerstore 5200q
Dell powerstore 5200t
Dell powerstore 7000t
Dell powerstore 9000t
Dell powerstore 9200t
Dell powerstoreos
Weaknesses CWE-22
CPEs cpe:2.3:h:dell:powerstore_1000t:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:powerstore_1200t:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:powerstore_3000t:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:powerstore_3200q:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:powerstore_3200t:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:powerstore_5000t:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:powerstore_500t:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:powerstore_5200q:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:powerstore_5200t:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:powerstore_7000t:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:powerstore_9000t:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:powerstore_9200t:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:powerstoreos:*:*:*:*:*:*:*:*
Vendors & Products Dell
Dell powerstore 1000t
Dell powerstore 1200t
Dell powerstore 3000t
Dell powerstore 3200q
Dell powerstore 3200t
Dell powerstore 5000t
Dell powerstore 500t
Dell powerstore 5200q
Dell powerstore 5200t
Dell powerstore 7000t
Dell powerstore 9000t
Dell powerstore 9200t
Dell powerstoreos

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Path Traversal in Dell PowerStore Service User Allows Local File Modification

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 01 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Description PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.
Weaknesses CWE-35
References
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-04-01T13:10:14.638Z

Reserved: 2026-02-25T18:04:25.462Z

Link: CVE-2026-28265

Vulnrichment

Updated: 2026-04-01T13:10:11.069Z

NVD

Status: Analyzed

Published: 2026-04-01T08:16:05.490

Modified: 2026-04-02T20:43:17.370

Link: CVE-2026-28265

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-03T09:19:12Z

Weaknesses