CVE-2026-40711

HIGH

Dell Container Storage Modules - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Title source: rule
STIX 2.1

Description

Dell Dell Container Storage Modules, version(s) csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

Scores

CVSS v3 8.0
EPSS 0.0095
EPSS Percentile 57.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-78
Status published
Products (2)
Dell/Container Storage Modules < 2.15.2 or later
Dell/Container Storage Modules < 2.17.0 or later
Published Jun 26, 2026
Tracked Since Jun 26, 2026