Description
Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure, Information tampering, and Unauthorized access.
Published: 2026-06-17
Score: 7.4 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dell PowerFlex Manager, in versions prior to 5.1.0.1, contains an improper authentication vulnerability that allows an unauthenticated attacker with adjacent network access to gain information disclosure, tampering, and unauthorized access before any valid credentials are provided. This authentication bypass (CWE-287) enables the attacker to read or modify configuration data, potentially collecting sensitive system information or gaining further network footholds.

Affected Systems

The affected product is Dell PowerFlex Manager. The CVE notes that the vulnerability exists in versions prior to 5.1.0.1. The vulnerability applies to any deployment of PowerFlex Manager that is reachable from a threat actor’s network segment.

Risk and Exploitability

The CVSS score of 7.4 indicates high severity, while the EPSS score of less than 1% suggests that the likelihood of exploitation is low at present. The CVE is not listed in the CISA KEV catalog. Attackers would need adjacent network access to the PowerFlex Manager service and can exploit the weakness without authentication. The impact could be severe if the attacker successfully accesses or modifies critical configuration data.

Generated by OpenCVE AI on June 25, 2026 at 16:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Dell's latest PowerFlex update from the Dell Support Knowledge Base link provided in the advisory
  • Restrict network access to PowerFlex Manager to trusted hosts only, using VLANs or firewall rules
  • Disable unused services and verify that authentication mechanisms are properly enforced

Generated by OpenCVE AI on June 25, 2026 at 16:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell powerflex
Vendors & Products Dell
Dell powerflex

Thu, 25 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Title Improper Authentication in Dell PowerFlex Manager Enables Unauthorized Access

Thu, 25 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
Description Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure, Information tampering, and Unauthorized access. Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure, Information tampering, and Unauthorized access.

Thu, 18 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Title Improper Authentication in Dell PowerFlex Manager Enables Unauthorized Access

Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Description Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure, Information tampering, and Unauthorized access.
Weaknesses CWE-287
References
Metrics cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-06-25T12:59:48.815Z

Reserved: 2026-05-31T17:04:24.517Z

Link: CVE-2026-49502

cve-icon Vulnrichment

Updated: 2026-06-18T14:29:46.570Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:41:06Z

Weaknesses