PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-54470 Dell CVE debrief

CVE-2026-54470 is an Improper Restriction of XML External Entity Reference vulnerability in Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access. This vulnerability has a CVSS score of 5.3 and a severity of MEDIUM. Security teams should review the CVE record and NVD entry for further details and assess the potential impact on their systems.

Vendor
Dell
Product
Unisphere for PowerMax
CVSS
MEDIUM 5.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-10
Original CVE updated
2026-07-10
Advisory published
2026-07-10
Advisory updated
2026-07-10

Who should care

Security teams and administrators responsible for Dell Unisphere for PowerMax systems, especially those with version(s) 10.3.0.5 and prior, should be aware of this vulnerability. They should review the CVE record and NVD entry for further details and assess the potential impact on their systems. Additionally, they should consider applying security updates and monitoring for suspicious activity.

Technical summary

The CVE-2026-54470 vulnerability is classified as an Improper Restriction of XML External Entity Reference. It has a CVSS score of 5.3 and a severity of MEDIUM. The vulnerability allows a low privileged attacker with remote access to potentially exploit it, leading to Unauthorized access. The affected product is Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior. The CVE record and NVD entry provide additional information on this vulnerability.

Defensive priority

Medium priority due to the potential for unauthorized access. Security teams should prioritize reviewing and applying security updates, restricting access to affected systems, and monitoring for suspicious activity.

Recommended defensive actions

  • Review and apply the security update provided by Dell.
  • Restrict access to the affected systems.
  • Monitor for suspicious activity.
  • Inventory and track affected systems.
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.

Evidence notes

The CVE record was published on 2026-07-10T13:16:20.550Z and has not been modified since then. The NVD entry is currently Received. This information is based on the NVD entry and the CVE record. The vulnerability affects Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior. The CVE record and NVD entry provide details on the vulnerability, but additional verification may be necessary to confirm affected deployments and assess potential impact.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T13:16:20.550Z and has not been modified since then. The NVD entry is currently Received.