PatchSiren cyber security CVE debrief
CVE-2026-49502 Dell CVE debrief
CVE-2026-49502 is an Improper Authentication vulnerability in Dell PowerFlex Manager versions prior to 5.1.0.1. An unauthenticated attacker with adjacent network access could exploit this vulnerability, leading to information disclosure, tampering, and unauthorized access. The vulnerability has a high CVSS score of 7.4, indicating a high risk. Security teams should review and address this vulnerability promptly.
- Vendor
- Dell
- Product
- PowerFlex
- CVSS
- HIGH 7.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-25
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-25
Who should care
Security teams and administrators responsible for Dell PowerFlex Manager installations should be aware of CVE-2026-49502, as it poses a high risk with a CVSS score of 7.4. They should review and address this vulnerability promptly to prevent potential exploitation.
Technical summary
The vulnerability, tracked as CVE-2026-49502, is caused by improper authentication in Dell PowerFlex Manager. This allows an unauthenticated attacker with adjacent network access to potentially exploit the vulnerability, leading to information disclosure, tampering, and unauthorized access. The CVSS vector for this vulnerability is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N. The vulnerability affects Dell PowerFlex Manager versions prior to 5.1.0.1.
Defensive priority
High priority should be given to addressing CVE-2026-49502 due to its high CVSS score and potential impact.
Recommended defensive actions
- Inventory and assess Dell PowerFlex Manager installations for version 5.1.0.1 or later
- Apply the vendor-provided patch or upgrade to version 5.1.0.1 or later
- Implement compensating controls such as network segmentation and access controls
- Monitor for suspicious activity and implement exception tracking
- Review and verify the integrity of affected systems
- Track exceptions and retest remediated assets
Evidence notes
The CVE record was published on 2026-06-17T15:16:59.850Z and was last modified on 2026-06-25T14:16:42.013Z. The NVD entry is currently Modified. The source details indicate an Improper Authentication vulnerability in Dell PowerFlex Manager versions prior to 5.1.0.1. Evidence is limited to CVE and NVD entries.
Official resources
-
CVE-2026-49502 CVE record
CVE.org
-
CVE-2026-49502 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T15:16:59.850Z and has not been modified since then. The NVD entry is currently Modified.