CVE-2026-22283

HIGH

Dell PowerFlex - Inclusion of Functionality from Untrusted Control Sphere

Title source: rule
STIX 2.1

Description

Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

Scores

CVSS v3 7.5
EPSS 0.0021
EPSS Percentile 11.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-829
Status published
Products (3)
Dell/PowerFlex < 4.5.5.2 or later
Dell/PowerFlex < 5.1.0.1 or later
dell/powerflex_manager < 4.8.0
Published Jun 17, 2026
Tracked Since Jun 17, 2026