Description
Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering.
Published: 2026-06-17
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a Use of a Broken or Risky Cryptographic Algorithm in Dell PowerFlex Manager versions prior to 5.1.0.1. An unauthenticated attacker with remote access could potentially exploit the weakened cryptography, leading to information disclosure and tampering. This weakness could allow an attacker to read or modify sensitive data transmitted or stored by the PowerFlex Manager application, compromising confidentiality and integrity.

Affected Systems

Dell PowerFlex Manager version(s) prior to 5.1.0.1 are affected by this vulnerability, as indicated by the updated description. Administrators should verify the exact version of their deployments and determine if they are running a vulnerable release. If the system is running 5.1.0.1 or later, the vulnerability is not present; otherwise, it remains in effect.

Risk and Exploitability

The CVSS score of 4.8 reflects moderate impact, and the EPSS score of less than 1% indicates that exploitation attempts are rare at present. The vulnerability is not cataloged in CISA's KEV list, implying a low to moderate threat level. The attack vector is inferred as remote through unauthenticated access, which suggests that any exposed PowerFlex Manager interfaces could be targeted without credentials.

Generated by OpenCVE AI on June 25, 2026 at 15:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell PowerFlex Manager security update published in the DSA-2026-066 advisory, which removes the use of the risky cryptographic algorithm.
  • After patching, verify that all communications and data handling within PowerFlex are configured to use strong cryptographic primitives as recommended by Dell.
  • Continuously monitor network and audit logs for unusual activity around PowerFlex Manager, focusing on any attempts to access or manipulate cryptographic keys or configuration.
  • If immediate patch deployment is not possible, isolate the PowerFlex Manager from public networks and enforce strict firewall rules to limit remote access to known administrators.

Generated by OpenCVE AI on June 25, 2026 at 15:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell powerflex
Vendors & Products Dell
Dell powerflex

Thu, 25 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Title Broken Cryptographic Algorithm in Dell PowerFlex Manager Leading to Possible Information Disclosure

Thu, 25 Jun 2026 13:00:00 +0000

Type Values Removed Values Added
Description Dell PowerFlex Manager, version(s) 4.6.0.1, contain(s) an Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering. Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering.

Thu, 18 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
Title Broken Cryptographic Algorithm in Dell PowerFlex Manager Leading to Possible Information Disclosure

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Description Dell PowerFlex Manager, version(s) 4.6.0.1, contain(s) an Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering.
Weaknesses CWE-327
References
Metrics cvssV3_1

{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-06-25T12:58:33.033Z

Reserved: 2026-04-14T16:10:47.675Z

Link: CVE-2026-40641

cve-icon Vulnrichment

Updated: 2026-06-17T15:37:46.071Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:41:11Z

Weaknesses
  • CWE-327

    Use of a Broken or Risky Cryptographic Algorithm