PatchSiren cyber security CVE debrief
CVE-2026-35067 Dell CVE debrief
Dell PowerFlex Manager versions prior to 5.1.0.1 contain an Improper Access Control vulnerability. A low-privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to elevation of privileges and unauthorized access. This issue has a CVSS score of 5.7, indicating a medium severity level. The vulnerability allows attackers to gain unauthorized access and elevate privileges. Dell PowerFlex Manager is a software-defined storage and data management platform.
- Vendor
- Dell
- Product
- PowerFlex
- CVSS
- MEDIUM 5.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-25
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-25
Who should care
Administrators and users of Dell PowerFlex Manager versions prior to 5.1.0.1 should apply the necessary updates to prevent potential elevation of privileges and unauthorized access. Security teams and vulnerability management teams should review and prioritize this vulnerability for remediation. IT operators and platform administrators should be aware of the potential impact on their systems and take necessary precautions.
Technical summary
The Dell PowerFlex Manager, versions prior to 5.1.0.1, is vulnerable to an Improper Access Control issue. This vulnerability allows a low-privileged attacker with adjacent network access to potentially exploit the vulnerability, leading to elevation of privileges and unauthorized access. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 5.7, indicating a medium severity level. The vulnerability is caused by inadequate access controls, allowing unauthorized access to sensitive resources.
Defensive priority
Medium priority should be given to updating Dell PowerFlex Manager to version 5.1.0.1 or later to address the Improper Access Control vulnerability. Additional defensive measures include restricting access to authorized personnel, monitoring for suspicious activity, and reviewing compensating controls.
Recommended defensive actions
- Apply the necessary updates to Dell PowerFlex Manager to prevent potential elevation of privileges and unauthorized access.
- Restrict access to the Dell PowerFlex Manager to authorized personnel only.
- Monitor the system for any suspicious activity.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
Evidence notes
The CVE record was published on 2026-06-17T15:16:46.400Z and was last modified on 2026-06-25T14:16:37.937Z. The NVD entry is currently Modified. This Improper Access Control vulnerability affects Dell PowerFlex Manager versions prior to 5.1.0.1. A low-privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to elevation of privileges and unauthorized access. Evidence is limited to CVE and NVD details.
Official resources
-
CVE-2026-35067 CVE record
CVE.org
-
CVE-2026-35067 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T15:16:46.400Z and has not been modified since then. The NVD entry is currently Modified.