PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-35065 Dell CVE debrief

CVE-2026-35065 is a high-severity vulnerability in Dell PowerFlex Manager versions prior to 5.1.0.1. The vulnerability allows an unauthenticated attacker with adjacent network access to potentially exploit it, leading to code execution, denial of service, information disclosure, information tampering, remote execution, script injection, and unauthorized access. This vulnerability is caused by a missing authentication for a critical function in Dell PowerFlex Manager. The CVSS score for this vulnerability is 8.8, indicating a high severity. Organizations should review their current configurations and apply patches or mitigations as necessary.

Vendor
Dell
Product
PowerFlex
CVSS
HIGH 8.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-25
Advisory published
2026-06-17
Advisory updated
2026-06-25

Who should care

Organizations using Dell PowerFlex Manager versions prior to 5.1.0.1 should prioritize patching this vulnerability to prevent potential exploitation. This vulnerability may impact operators responsible for system updates, platform administrators, and security teams monitoring for potential threats.

Technical summary

The vulnerability is caused by a missing authentication for a critical function in Dell PowerFlex Manager. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to code execution, denial of service, information disclosure, information tampering, remote execution, script injection, and unauthorized access. The CVSS score for this vulnerability is 8.8, indicating a high severity. Affected product deployments should be reviewed for exposure, and patches or mitigations should be applied according to vendor guidance.

Defensive priority

High

Recommended defensive actions

  • Apply the patch provided by Dell to update PowerFlex Manager to version 5.1.0.1 or later.
  • Implement network segmentation to limit access to the affected system.
  • Monitor system logs for suspicious activity.
  • Conduct regular vulnerability assessments and penetration testing.
  • Consider implementing a web application firewall to detect and prevent attacks.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.

Evidence notes

The CVE record was published on 2026-06-17T15:16:45.807Z and was last modified on 2026-06-25T14:16:37.727Z. The NVD entry is currently Modified. Evidence is limited to public sources and may not reflect the full scope or impact of this vulnerability. Defenders should verify affected systems and review vendor advisories for specific guidance.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T15:16:45.807Z and has not been modified since then. The NVD entry is currently Modified.