CVE Catalog

CVE-2026-35069

MediumCVSS 5.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

14th percentile — higher than 14% of all known CVEs

Summary

Dell PowerFlex Manager versions prior to 5.1.0.1 contain an SQL Injection vulnerability due to improper neutralization of special elements used in SQL commands. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to script injection.

Risk Assessment

This vulnerability could allow attackers to gain control over the application, potentially leading to data leakage or malicious actions within the system. Organizations should be aware of the risks associated with unauthorized access to their resources.

Recommendation

It is recommended to update Dell PowerFlex Manager to version 5.1.0.1 or later to mitigate this vulnerability. Additionally, monitoring network access and implementing appropriate security measures can help minimize the risk of attacks.

Original NVD description (English source)

Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS