CVE-2026-22283 | Dell PowerFlex Manager, version(s) Version prior to 4.8, con… | CVSS 7.5 HIGH

Description

Dell PowerFlex Manager, version(s) Version prior to 4.8, contain(s) an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

Metadata

CVE ID: CVE-2026-22283
State: PUBLISHED
Assigner: dell
Reserved: 2026-01-07 07:17 UTC
Published: 2026-06-17 14:24 UTC
Last updated: 2026-06-17 15:38 UTC
Primary CWE: CWE-829
CWE-829: Inclusion of Functionality from Untrusted Control S…
Vendor / Product: Dell / PowerFlex
Sources: cve.org · NVD

Severity & Metrics

7.5 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Dell	PowerFlex	—	0 < 5.1.0.1 or later, 0 < 4.5.5.2 or later

Weakness (CWE)

CWE	Source	Description
CWE-829	cna	CWE-829: Inclusion of Functionality from Untrusted Control Sphere

CVSS scores (1)

Score	Severity	Version	Source	Vector
7.5	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References (1)

https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities