Impact
The vulnerability in Dell PowerFlex Manager is a Missing Authentication for Critical Function (CWE-306). An unauthenticated attacker who can reach the manager’s services over the network can exploit the flaw to execute arbitrary code, crash services, or modify sensitive data. The impact includes remote code execution, denial of service, information disclosure, and tampering, all of which compromise data integrity, availability, and confidentiality. The weakness allows bypassing authentication controls that should restrict access to administrative functions.
Affected Systems
Affected systems are Dell PowerFlex Manager releases prior to version 5.1.0.1. Users of the PowerFlex Manager packages that have not applied the 2026‑066 update are susceptible. The vulnerability applies to all components that provide the critical functions guarded by authentication checks.
Risk and Exploitability
The CVSS score of 8.8 reflects the high severity of the flaw, while the EPSS score of <1% indicates a low likelihood of exploitation in the wild. The vulnerability is not listed in CISA KEV. The likely attack vector is adjacent network access; an attacker who can reach the PowerFlex Manager services using the untrusted network can exploit the missing authentication to gain remote code execution or disrupt services. The description states that an unauthenticated attacker can exploit the flaw, and this inference is directly derived from the advisory.
OpenCVE Enrichment