CVE-2026-35069
MediumCVSS 5.7Exploitation Probability (EPSS)
Low risk14th percentile — higher than 14% of all known CVEs
Summary
Dell PowerFlex Manager versions prior to 5.1.0.1 contain an SQL Injection vulnerability due to improper neutralization of special elements used in SQL commands. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to script injection.
Risk Assessment
This vulnerability could allow attackers to gain control over the application, potentially leading to data leakage or malicious actions within the system. Organizations should be aware of the risks associated with unauthorized access to their resources.
Recommendation
It is recommended to update Dell PowerFlex Manager to version 5.1.0.1 or later to mitigate this vulnerability. Additionally, monitoring network access and implementing appropriate security measures can help minimize the risk of attacks.
Original NVD description (English source)
Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection.

