Description
Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.
Published: 2026-05-12
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dell PowerScale InsightIQ contains an execution with unnecessary privileges flaw that allows a high-privileged local attacker to elevate their privileges further. The weakness is classified as CWE-250 (Execution with Unnecessary Privileges). An attacker with local access who already holds significant rights could use this flaw to gain even higher privileges, potentially compromising system integrity.

Affected Systems

Affected vendor: Dell, product: PowerScale InsightIQ. Vulnerable versions include all releases from 5.0.0 through 6.2.0. No other vendors or products are listed.

Risk and Exploitability

The CVSS score is 6.7, indicating medium severity, while the EPSS score is not available and the vulnerability is not listed in CISA KEV. The vulnerability requires local high‑privileged access; there is no indication that a remote attacker or an attacker with lower privileges can exploit it. Given the lack of publicly reported exploit code and the local nature of the attack, the likelihood of exploitation is moderate, but any system running the affected versions should be patched promptly.

Generated by OpenCVE AI on May 12, 2026 at 15:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell PowerScale InsightIQ security update that addresses the privilege escalation flaw (refer to the Dell support article for the update package).
  • Limit local administrator and privileged accounts to only those necessary for day‑to‑day operations and enforce least‑privilege principles.
  • Continuously monitor and audit system logs for signs of privilege changes or unauthorized elevation to detect potential abuse.

Advisories

No advisories yet.

History

Wed, 13 May 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 12 May 2026 20:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Dell insightiq
CPEs | | cpe:2.3:a:dell:insightiq:*:*:*:*:*:*:*:*
Vendors & Products | | Dell insightiq

Tue, 12 May 2026 15:45:00 +0000

Type | Values Removed | Values Added
Title | | Privilege Escalation Vulnerability in Dell PowerScale InsightIQ
First Time appeared | | Dell; Dell powerscale Insightiq
Vendors & Products | | Dell; Dell powerscale Insightiq

Tue, 12 May 2026 14:00:00 +0000

Type | Values Removed | Values Added
Description | | Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.
Weaknesses | | CWE-250
References | |
Metrics | | cvssV3_1 {'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-05-13T14:25:34.001Z

Reserved: 2026-04-14T16:10:47.675Z

Link: CVE-2026-40638

Vulnrichment

Updated: 2026-05-13T14:25:29.603Z

NVD

Status: Analyzed

Published: 2026-05-12T14:17:04.270

Modified: 2026-05-12T19:49:19.097

Link: CVE-2026-40638

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T15:30:18Z

Weaknesses