PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-35068 Dell CVE debrief

CVE-2026-35068 is an SQL injection vulnerability in Dell PowerFlex Manager versions prior to 5.1.0.1. A low-privileged attacker with adjacent network access could exploit it, leading to information disclosure. The vulnerability has a CVSS score of 3.5 and a severity of LOW. Organizations should review and apply patches to prevent potential information disclosure.

Vendor
Dell
Product
PowerFlex
CVSS
LOW 3.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-25
Advisory published
2026-06-17
Advisory updated
2026-06-25

Who should care

Organizations using Dell PowerFlex Manager versions prior to 5.1.0.1 should prioritize patching this vulnerability to prevent potential information disclosure. Security teams and administrators responsible for Dell PowerFlex Manager deployments should review and apply patches.

Technical summary

The CVE-2026-35068 vulnerability in Dell PowerFlex Manager versions prior to 5.1.0.1 is caused by improper neutralization of special elements used in an SQL command. This allows a low-privileged attacker with adjacent network access to potentially exploit the vulnerability, leading to information disclosure. The vulnerability has a CVSS score of 3.5 and a severity of LOW. Dell has provided a security update for PowerFlex software. To address this vulnerability, organizations should review and apply patches to prevent potential information disclosure. Affected product deployments should be identified in managed environments, and owners should be assigned for follow-up. The official advisory or CVE record should be reviewed to validate affected scope, severity, and vendor guidance. Additionally, compensating controls for exposed systems should be reviewed while remediation is scheduled and verified.

Defensive priority

Patching this vulnerability is recommended to prevent potential information disclosure. Dell has provided a security update for PowerFlex software. Security teams should prioritize patching and review compensating controls.

Recommended defensive actions

  • Apply the security update provided by Dell (https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities)
  • Restrict access to the PowerFlex Manager to only necessary personnel
  • Monitor for suspicious activity on the network
  • Perform regular vulnerability assessments and penetration testing
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-06-17T17:16:46.047Z and was last modified on 2026-06-25T14:16:38.040Z. The NVD entry is currently Modified. This SQL injection vulnerability in Dell PowerFlex Manager versions prior to 5.1.0.1 allows a low-privileged attacker with adjacent network access to potentially exploit the vulnerability, leading to information disclosure. Evidence is limited to CVE and NVD details.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T17:16:46.047Z and has not been modified since then. The NVD entry is currently Modified.