CVE-2026-35068
LowCVSS 3.5Exploitation Probability (EPSS)
Low risk9th percentile — higher than 9% of all known CVEs
Summary
Dell PowerFlex Manager versions prior to 5.1.0.1 contain an SQL Injection vulnerability due to improper neutralization of special elements used in SQL commands. A low privileged attacker with adjacent network access could exploit this vulnerability, potentially leading to information disclosure.
Risk Assessment
The organization may be exposed to the disclosure of sensitive information, which could lead to further attacks or data breaches.
Recommendation
It is recommended to update Dell PowerFlex Manager to version 5.1.0.1 or later to mitigate this vulnerability.
Original NVD description (English source)
Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to information disclosure.

