Description
Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.
Published: 2026-05-20
Score: 6.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper neutralization of special elements used in a command, which allows a high‑privileged local attacker to inject and execute arbitrary commands. This can result in unauthorized file system access, compromising confidentiality, integrity, and potentially availability of the affected system.

Affected Systems

Dell SmartFabric Storage Software versions earlier than 1.4.5 are affected. An attacker who gains local privileged access to a system running one of those versions can exploit the vulnerability.

Risk and Exploitability

The CVSS score of 6.4 indicates medium severity. EPSS is not available, so exploitation likelihood cannot be quantified, but the vulnerability requires local privileged access and is not listed in the CISA KEV catalog. The likely attack vector is a local attacker who already has administrative privileges. The flaw cannot be exploited remotely or without those local privileges.

Generated by OpenCVE AI on May 20, 2026 at 11:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install Dell SmartFabric Storage Software version 1.4.5 or newer from the Dell Security Update portal.
  • Follow Dell’s installation instructions to replace the vulnerable component and restart the affected services.
  • Limit local privileged access to the system to only trusted administrators to reduce the risk of exploitation.



Advisories

No advisories yet.

History

Wed, 20 May 2026 15:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 20 May 2026 11:45:00 +0000

Type | Values Removed | Values Added
Title | | Command Injection Vulnerability in Dell SmartFabric Storage Software, Enabling Local Privileged File System Access
First Time appeared | | Dell; Dell smartfabric Storage Software
Vendors & Products | | Dell; Dell smartfabric Storage Software

Wed, 20 May 2026 10:00:00 +0000

Type | Values Removed | Values Added
Description | | Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.
Weaknesses | | CWE-77
References | |
Metrics | | cvssV3_1 {'score': 6.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-05-20T13:45:50.267Z

Reserved: 2026-04-01T05:04:41.954Z

Link: CVE-2026-35070

Vulnrichment

Updated: 2026-05-20T13:45:04.781Z

NVD

Status: Awaiting Analysis

Published: 2026-05-20T10:16:26.677

Modified: 2026-05-20T13:56:48.777

Link: CVE-2026-35070

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-20T11:30:26Z

Weaknesses