CVE Catalog

CVE-2026-40711

HighCVSS 8.0
Published: Updated: Translated: NVD NIST

Summary

An OS Command Injection vulnerability in Dell Container Storage Modules (csi-powerstore, csi-unity, csi-powerflex, csi-powermax version 2.16.0) allows a high-privileged attacker with remote access to execute arbitrary operating system commands.

Risk Assessment

The risk involves potential takeover of containers and possibly the entire cluster, leading to compromise of confidentiality, integrity, and availability of data stored in Dell systems.

Recommendation

Immediately update the csi-powerstore, csi-unity, csi-powerflex, and csi-powermax modules to a version newer than 2.16.0, following vendor recommendations.

Original NVD description (English source)

Dell Dell Container Storage Modules, version(s) csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS