PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-22283 Dell CVE debrief

Dell PowerFlex Manager, versions prior to 5.1.0.1, are vulnerable to an Inclusion of Functionality from Untrusted Control Sphere vulnerability. This vulnerability allows an unauthenticated attacker with remote access to potentially exploit the vulnerability, leading to information disclosure. The affected product is Dell PowerFlex Manager. The vulnerability class is Inclusion of Functionality from Untrusted Control Sphere. The likely operational impact is information disclosure. The source confidence is limited to the CVE record and NVD entry.

Vendor
Dell
Product
PowerFlex
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-25
Advisory published
2026-06-17
Advisory updated
2026-06-25

Who should care

Security teams and administrators responsible for Dell PowerFlex Manager systems should be aware of this vulnerability and take necessary actions to mitigate the risk. This includes reviewing the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance. Operators, platform administrators, and security teams should review compensating controls for exposed systems while remediation is scheduled and verified.

Technical summary

The Dell PowerFlex Manager, versions prior to 5.1.0.1, contain an Inclusion of Functionality from Untrusted Control Sphere vulnerability. This vulnerability allows an unauthenticated attacker with remote access to potentially exploit the vulnerability, leading to information disclosure. The vulnerability affects Dell PowerFlex Manager systems. The defensive impact is high, and defenders should prioritize patching or mitigating this vulnerability.

Defensive priority

High priority should be given to patching or mitigating this vulnerability, as it can lead to information disclosure. Defenders should review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.

Recommended defensive actions

  • Apply the latest patch (version 5.1.0.1 or later) to Dell PowerFlex Manager systems.
  • Restrict remote access to Dell PowerFlex Manager systems.
  • Monitor Dell PowerFlex Manager systems for suspicious activity.
  • Verify the integrity of Dell PowerFlex Manager systems and data.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.

Evidence notes

The CVE record was published on 2026-06-17T15:16:44.513Z and was last modified on 2026-06-25T14:16:36.613Z. The NVD entry is currently Modified. This vulnerability affects Dell PowerFlex Manager versions prior to 5.1.0.1. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 7.5, indicating a high severity level. The evidence is based on the CVE record and NVD entry, which may have limited information. Defenders should verify the affected scope and vendor guidance.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T15:16:44.513Z and has not been modified since then. The NVD entry is currently Modified.