Description
Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection.
Published: 2026-06-17
Score: 5.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

According to the updated description, Dell PowerFlex Manager prior to version 5.1.0.1 is vulnerable to an SQL injection flaw that occurs when special characters in SQL commands are not properly neutralised. A low‑privileged attacker with adjacent network access could exploit this flaw to execute malicious SQL statements, potentially leading to unauthorized data disclosure, data modification, or privilege escalation.

Affected Systems

Dell PowerFlex Manager, versions prior to 5.1.0.1, are affected by this SQL injection flaw.

Risk and Exploitability

The CVSS score of 5.7 indicates moderate severity, while the EPSS score of less than 1% reflects a very low probability of exploitation at present. The vulnerability is not mentioned in CISA’s KEV catalog, meaning no widespread exploitation is known. Attackers would need local network access to the management interface and only low‑level credentials to exploit the flaw.

Generated by OpenCVE AI on June 25, 2026 at 16:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Dell’s DSA-2026-066 security update for PowerFlex Manager that addresses the SQL injection flaw.
  • Restrict access to the PowerFlex Manager management interface by enforcing strict network segmentation, firewall rules, or VPN restrictions so only trusted administrators can reach it.
  • Enable detailed logging of SQL commands and continuously monitor the logs for anomalous or unauthorized query activity.

Generated by OpenCVE AI on June 25, 2026 at 16:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell powerflex
Vendors & Products Dell
Dell powerflex

Thu, 25 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Title SQL Injection in Dell PowerFlex Manager Prior to 5.1.0.1

Thu, 25 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
Description Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection. Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection.

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Description Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection.
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 5.7, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-06-25T13:04:43.865Z

Reserved: 2026-04-01T05:04:41.954Z

Link: CVE-2026-35069

cve-icon Vulnrichment

Updated: 2026-06-17T17:50:51.602Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:40:52Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')