PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-49502 Dell CVE debrief

CVE-2026-49502 is an Improper Authentication vulnerability in Dell PowerFlex Manager versions prior to 5.1.0.1. An unauthenticated attacker with adjacent network access could exploit this vulnerability, leading to information disclosure, tampering, and unauthorized access. The vulnerability has a high CVSS score of 7.4, indicating a high risk. Security teams should review and address this vulnerability promptly.

Vendor
Dell
Product
PowerFlex
CVSS
HIGH 7.4
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-25
Advisory published
2026-06-17
Advisory updated
2026-06-25

Who should care

Security teams and administrators responsible for Dell PowerFlex Manager installations should be aware of CVE-2026-49502, as it poses a high risk with a CVSS score of 7.4. They should review and address this vulnerability promptly to prevent potential exploitation.

Technical summary

The vulnerability, tracked as CVE-2026-49502, is caused by improper authentication in Dell PowerFlex Manager. This allows an unauthenticated attacker with adjacent network access to potentially exploit the vulnerability, leading to information disclosure, tampering, and unauthorized access. The CVSS vector for this vulnerability is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N. The vulnerability affects Dell PowerFlex Manager versions prior to 5.1.0.1.

Defensive priority

High priority should be given to addressing CVE-2026-49502 due to its high CVSS score and potential impact.

Recommended defensive actions

  • Inventory and assess Dell PowerFlex Manager installations for version 5.1.0.1 or later
  • Apply the vendor-provided patch or upgrade to version 5.1.0.1 or later
  • Implement compensating controls such as network segmentation and access controls
  • Monitor for suspicious activity and implement exception tracking
  • Review and verify the integrity of affected systems
  • Track exceptions and retest remediated assets

Evidence notes

The CVE record was published on 2026-06-17T15:16:59.850Z and was last modified on 2026-06-25T14:16:42.013Z. The NVD entry is currently Modified. The source details indicate an Improper Authentication vulnerability in Dell PowerFlex Manager versions prior to 5.1.0.1. Evidence is limited to CVE and NVD entries.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T15:16:59.850Z and has not been modified since then. The NVD entry is currently Modified.