CVE-2026-35070 Dell CVE debrief

Who should care

Administrators and security teams responsible for Dell SmartFabric Storage Software, especially on systems where highly privileged local users or administrative automation accounts exist.

Technical summary

The vulnerability is classified as CWE-77 (Improper Neutralization of Special Elements used in a Command). NVD's CVSS vector is AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating a local attack that requires high privileges and no user interaction. The published description says affected versions are prior to 1.4.5 and that successful exploitation could provide filesystem access for the attacker.

Defensive priority

Medium. The attack requires high local privileges, but the potential impact is significant enough to warrant prompt remediation on any affected deployment.

Recommended defensive actions

• Identify whether Dell SmartFabric Storage Software is installed and confirm the running version.
• Upgrade systems to version 1.4.5 or later in line with the Dell security update referenced by NVD.
• Review and restrict who has high-privileged local access to affected hosts.
• Monitor for unexpected command execution, filesystem changes, or privilege misuse on affected systems.
• If upgrade cannot be completed immediately, apply compensating controls around administrative access and change management.

Evidence notes

This debrief is based only on the supplied NVD record and the linked Dell security advisory reference. The CVE description states the affected product is Dell SmartFabric Storage Software prior to 1.4.5 and characterizes the issue as command injection with potential filesystem access. NVD metadata lists CWE-77 and the CVSS 3.1 vector AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H, and marks the record as 'Awaiting Analysis'.

Official resources