Description
Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Unauthorized access.
Published: 2026-06-17
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in Dell PowerFlex Manager’s authentication mechanism allows an attacker to gain access without valid credentials. The vulnerability can let an unauthenticated actor interact with the management interface, potentially executing privileged commands, retrieving sensitive data, or modifying configuration settings. The weakness is classified as improper authentication, meaning the system fails to enforce or verify credentials correctly, which could compromise confidentiality, integrity, and availability of the PowerFlex environment.

Affected Systems

Dell PowerFlex Manager is the affected product. Specific version numbers are not disclosed in the advisory. Any deployment of the manager component that matches the description of adjacent network access exposure is potentially vulnerable.

Risk and Exploitability

The CVSS base score of 8.1 places the issue in the high severity range, and the EPSS score of less than 1% indicates a very low likelihood of exploitation, at least as of this assessment. The vulnerability is not listed in CISA’s KEV catalog. The attack likely requires local or subnet-level network proximity, allowing a non‑authenticated user to reach the manager interface. If successful, the attacker can bypass authentication controls and gain unauthorized access to the PowerFlex management plane.

Generated by OpenCVE AI on June 18, 2026 at 19:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Dell’s PowerFlex security update detailed in the Dell Knowledge Base (KB) article to patch the authentication flaw.
  • If a patch is not immediately available, restrict network access to the PowerFlex Manager by limiting connectivity to trusted hosts or subnets only, and configure firewall rules to block unauthorized external connections.
  • Enforce strong authentication and, where possible, enable multi‑factor authentication to reduce the risk of credential bypass.

Generated by OpenCVE AI on June 18, 2026 at 19:26 UTC.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 19:45:00 +0000

Type | Values Removed | Values Added
Title | | Improper Authentication in Dell PowerFlex Manager Allows Unauthorized Access

Thu, 18 Jun 2026 16:45:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 18 Jun 2026 04:45:00 +0000

Type | Values Removed | Values Added
Description | | Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Unauthorized access.
Weaknesses | | CWE-287
References | |
Metrics | | cvssV3_1: {'score': 8.1, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-06-18T14:33:18.302Z

Reserved: 2026-03-16T17:04:36.795Z

Link: CVE-2026-32804

Vulnrichment

Updated: 2026-06-18T14:33:12.354Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T19:30:15Z

Weaknesses