PatchSiren cyber security CVE debrief
CVE-2026-35065 Dell CVE debrief
CVE-2026-35065 is a high-severity vulnerability in Dell PowerFlex Manager versions prior to 5.1.0.1. The vulnerability allows an unauthenticated attacker with adjacent network access to potentially exploit it, leading to code execution, denial of service, information disclosure, information tampering, remote execution, script injection, and unauthorized access. This vulnerability is caused by a missing authentication for a critical function in Dell PowerFlex Manager. The CVSS score for this vulnerability is 8.8, indicating a high severity. Organizations should review their current configurations and apply patches or mitigations as necessary.
- Vendor
- Dell
- Product
- PowerFlex
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-25
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-25
Who should care
Organizations using Dell PowerFlex Manager versions prior to 5.1.0.1 should prioritize patching this vulnerability to prevent potential exploitation. This vulnerability may impact operators responsible for system updates, platform administrators, and security teams monitoring for potential threats.
Technical summary
The vulnerability is caused by a missing authentication for a critical function in Dell PowerFlex Manager. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to code execution, denial of service, information disclosure, information tampering, remote execution, script injection, and unauthorized access. The CVSS score for this vulnerability is 8.8, indicating a high severity. Affected product deployments should be reviewed for exposure, and patches or mitigations should be applied according to vendor guidance.
Defensive priority
High
Recommended defensive actions
- Apply the patch provided by Dell to update PowerFlex Manager to version 5.1.0.1 or later.
- Implement network segmentation to limit access to the affected system.
- Monitor system logs for suspicious activity.
- Conduct regular vulnerability assessments and penetration testing.
- Consider implementing a web application firewall to detect and prevent attacks.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
Evidence notes
The CVE record was published on 2026-06-17T15:16:45.807Z and was last modified on 2026-06-25T14:16:37.727Z. The NVD entry is currently Modified. Evidence is limited to public sources and may not reflect the full scope or impact of this vulnerability. Defenders should verify affected systems and review vendor advisories for specific guidance.
Official resources
-
CVE-2026-35065 CVE record
CVE.org
-
CVE-2026-35065 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T15:16:45.807Z and has not been modified since then. The NVD entry is currently Modified.