Description
Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection.
Published: 2026-06-17
Score: 5.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dell PowerFlex Manager is vulnerable to a classic SQL injection flaw because special characters in SQL commands are not properly neutralised. A low‑privileged attacker who can reach the manager from an adjacent network could insert malicious SQL statements, potentially allowing unauthorized data disclosure, modification or escalation of privileges.

Affected Systems

Dell PowerFlex Manager. The CVE entry does not list specific version numbers, so the vulnerability likely affects all currently released versions of the manager.

Risk and Exploitability

The CVSS score of 5.7 indicates moderate severity, while the EPSS score of less than 1% reflects a very low probability of exploitation at present. The vulnerability is not listed in CISA’s KEV catalog, meaning no widespread exploitation is known. Attackers would need adjacent network access to the management interface and only low-privileged credentials to exploit the flaw.

Generated by OpenCVE AI on June 18, 2026 at 19:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Dell’s DSA-2026-066 security update for PowerFlex Manager that addresses the SQL injection flaw.
  • Restrict access to the PowerFlex Manager management interface by enforcing strict network segmentation, firewall rules, or VPN restrictions so only trusted administrators can reach it.
  • Enable detailed logging of SQL commands and continuously monitor the logs for anomalous or unauthorized query activity.


Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection. |
| Weaknesses | | CWE-89 |
| References | | |
| Metrics | | cvssV3_1: {'score': 5.7, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-06-17T17:50:54.481Z

Reserved: 2026-04-01T05:04:41.954Z

Link: CVE-2026-35069

Vulnrichment

Updated: 2026-06-17T17:50:51.602Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T19:30:15Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')