CVE-2026-40711
HighCVSS 8.0Summary
An OS Command Injection vulnerability in Dell Container Storage Modules (csi-powerstore, csi-unity, csi-powerflex, csi-powermax version 2.16.0) allows a high-privileged attacker with remote access to execute arbitrary operating system commands.
Risk Assessment
The risk involves potential takeover of containers and possibly the entire cluster, leading to compromise of confidentiality, integrity, and availability of data stored in Dell systems.
Recommendation
Immediately update the csi-powerstore, csi-unity, csi-powerflex, and csi-powermax modules to a version newer than 2.16.0, following vendor recommendations.
Original NVD description (English source)
Dell Dell Container Storage Modules, version(s) csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

