{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22284", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2026-01-07T07:17:24.537Z", "datePublished": "2026-02-17T19:46:48.602Z", "dateUpdated": "2026-02-26T14:44:19.322Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SmartFabric OS10 Software", "vendor": "Dell", "versions": [{"lessThan": "10.5.6.12", "status": "affected", "version": "N/A", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Dell would like to thank kkking for reporting this issue"}], "datePublic": "2026-02-17T18:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Dell SmartFabric OS10 Software, versions prior to 10.5.6.12, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution."}], "value": "Dell SmartFabric OS10 Software, versions prior to 10.5.6.12, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-02-17T19:46:48.602Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000429181/dsa-2026-033-security-update-for-dell-networking-os10-vulnerabilities"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22284", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-18T04:56:31.794158Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T14:44:19.322Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22284", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-18T04:56:31.794158Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-25T16:27:31.628Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Dell would like to thank kkking for reporting this issue"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "SmartFabric OS10 Software", "versions": [{"status": "affected", "version": "N/A", "lessThan": "10.5.6.12", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2026-02-17T18:00:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000429181/dsa-2026-033-security-update-for-dell-networking-os10-vulnerabilities", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Dell SmartFabric OS10 Software, versions prior to 10.5.6.12, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.", "supportingMedia": [{"type": "text/html", "value": "Dell SmartFabric OS10 Software, versions prior to 10.5.6.12, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-02-17T19:46:48.602Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22284", "state": "PUBLISHED", "dateUpdated": "2026-02-25T16:34:31.708Z", "dateReserved": "2026-01-07T07:17:24.537Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2026-02-17T19:46:48.602Z", "assignerShortName": "dell"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*", "matchCriteriaId": "2FBAD301-932A-4149-8BC9-99831E0A5932", "versionEndExcluding": "10.5.6.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell SmartFabric OS10 Software, versions prior to 10.5.6.12, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution."}, {"lang": "es", "value": "El software Dell SmartFabric OS10, versiones anteriores a la 10.5.6.12, contiene una vulnerabilidad de neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando ('inyecci\u00f3n de comandos'). Un atacante con altos privilegios y acceso remoto podr\u00eda potencialmente explotar esta vulnerabilidad, lo que llevar\u00eda a la ejecuci\u00f3n de comandos."}], "id": "CVE-2026-22284", "lastModified": "2026-02-26T22:03:40.137", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 5.9, "source": "security_alert@emc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-17T20:22:09.490", "references": [{"source": "security_alert@emc.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000429181/dsa-2026-033-security-update-for-dell-networking-os10-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "security_alert@emc.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,10.5.6.12)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "smartfabric_os10_software", "vendor": "dell"}], "analysis": {"en": {"generated_at": "2026-04-17T18:53:44.237659+00:00", "value": {"mitigation_remediation": ["Apply the Dell DSA-2026-033 security update for OS10 to bring the system to version 10.5.6.12 or later.", "Ensure the operating system is upgraded to at least version 10.5.6.12, which contains the fix.", "Limit remote administrative access to trusted networks or VPNs to reduce exposure to high\u2011privileged attackers."], "summary": {"action": "Patch Immediately", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected vendor is Dell, and the product is SmartFabric OS10. Versions before 10.5.6.12 are vulnerable; all later releases include the remediation.", "description_and_impact": "Dell SmartFabric OS10 Software contains a command injection vulnerability caused by improper neutralization of special elements used in a command. This flaw allows a high privileged attacker who can reach the device remotely to inject arbitrary commands, resulting in execution of those commands on the system. The potential impact includes full compromise of the device\u2019s confidentiality, integrity, and availability, giving the attacker control over network infrastructure components. ", "risk_and_exploitability": "The assigned CVSS score of 6.6 reflects moderate to high severity. With an EPSS score of less than 1% and no listing in the CISA KEV catalog, the likelihood of exploitation in the wild is low but not zero. The attack requires remote access and high-level administrative privileges, indicating that the vulnerability is reachable over network management channels and can be leveraged by attackers who have compromised privileged credentials or adjacent network components."}}}}, "created": "2026-02-18T10:33:26.599884+00:00", "title": "Command Injection via Improper Input Sanitization in Dell SmartFabric OS10", "updated": "2026-04-17T19:00:11.050685+00:00", "vendors": ["dell", "dell$PRODUCT$smartfabric_os10_software"]}