CVE-2026-35065

HIGH

Dell PowerFlex - Missing Authentication for Critical Function

Title source: rule
STIX 2.1

Description

Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Code execution, Denial of service, Information disclosure, Information tampering, Remote execution, Script injection, and Unauthorized access.

Scores

CVSS v3 8.8
EPSS 0.0033
EPSS Percentile 25.4%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-306
Status published
Products (3)
Dell/PowerFlex < 4.5.5.2 or later
Dell/PowerFlex < 5.1.0.1 or later
dell/powerflex_manager < 4.5.5.2
Published Jun 17, 2026
Tracked Since Jun 17, 2026