CVE Catalog

CVE-2026-35068

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile — higher than 9% of all known CVEs

Summary

Dell PowerFlex Manager versions prior to 5.1.0.1 contain an SQL Injection vulnerability due to improper neutralization of special elements used in SQL commands. A low privileged attacker with adjacent network access could exploit this vulnerability, potentially leading to information disclosure.

Risk Assessment

The organization may be exposed to the disclosure of sensitive information, which could lead to further attacks or data breaches.

Recommendation

It is recommended to update Dell PowerFlex Manager to version 5.1.0.1 or later to mitigate this vulnerability.

Original NVD description (English source)

Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to information disclosure.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS