PatchSiren cyber security CVE debrief
CVE-2026-35068 Dell CVE debrief
CVE-2026-35068 is an SQL injection vulnerability in Dell PowerFlex Manager versions prior to 5.1.0.1. A low-privileged attacker with adjacent network access could exploit it, leading to information disclosure. The vulnerability has a CVSS score of 3.5 and a severity of LOW. Organizations should review and apply patches to prevent potential information disclosure.
- Vendor
- Dell
- Product
- PowerFlex
- CVSS
- LOW 3.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-25
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-25
Who should care
Organizations using Dell PowerFlex Manager versions prior to 5.1.0.1 should prioritize patching this vulnerability to prevent potential information disclosure. Security teams and administrators responsible for Dell PowerFlex Manager deployments should review and apply patches.
Technical summary
The CVE-2026-35068 vulnerability in Dell PowerFlex Manager versions prior to 5.1.0.1 is caused by improper neutralization of special elements used in an SQL command. This allows a low-privileged attacker with adjacent network access to potentially exploit the vulnerability, leading to information disclosure. The vulnerability has a CVSS score of 3.5 and a severity of LOW. Dell has provided a security update for PowerFlex software. To address this vulnerability, organizations should review and apply patches to prevent potential information disclosure. Affected product deployments should be identified in managed environments, and owners should be assigned for follow-up. The official advisory or CVE record should be reviewed to validate affected scope, severity, and vendor guidance. Additionally, compensating controls for exposed systems should be reviewed while remediation is scheduled and verified.
Defensive priority
Patching this vulnerability is recommended to prevent potential information disclosure. Dell has provided a security update for PowerFlex software. Security teams should prioritize patching and review compensating controls.
Recommended defensive actions
- Apply the security update provided by Dell (https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities)
- Restrict access to the PowerFlex Manager to only necessary personnel
- Monitor for suspicious activity on the network
- Perform regular vulnerability assessments and penetration testing
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-06-17T17:16:46.047Z and was last modified on 2026-06-25T14:16:38.040Z. The NVD entry is currently Modified. This SQL injection vulnerability in Dell PowerFlex Manager versions prior to 5.1.0.1 allows a low-privileged attacker with adjacent network access to potentially exploit the vulnerability, leading to information disclosure. Evidence is limited to CVE and NVD details.
Official resources
-
CVE-2026-35068 CVE record
CVE.org
-
CVE-2026-35068 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T17:16:46.047Z and has not been modified since then. The NVD entry is currently Modified.