CVE-2026-35065 | Dell PowerFlex Manager, version(s) [Versions], contain(s) a … | CVSS 8.8 HIGH

Description

Dell PowerFlex Manager, version(s) [Versions], contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Code execution, Denial of service, Information disclosure, Information tampering, Remote execution, Script injection, and Unauthorized access.

Metadata

CVE ID: CVE-2026-35065
State: PUBLISHED
Assigner: dell
Reserved: 2026-04-01 05:04 UTC
Published: 2026-06-17 14:42 UTC
Last updated: 2026-06-17 16:09 UTC
Primary CWE: CWE-306
CWE-306: Missing Authentication for Critical Function
Vendor / Product: Dell / PowerFlex
Sources: cve.org · NVD

Severity & Metrics

8.8 HIGH CVSS 3.1

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Dell	PowerFlex	—	0 < 5.1.0.1 or later, 0 < 4.5.5.2 or later

Weakness (CWE)

CWE	Source	Description
CWE-306	cna	CWE-306: Missing Authentication for Critical Function

CVSS scores (1)

Score	Severity	Version	Source	Vector
8.8	HIGH	3.1	cna	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (1)

https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities