{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26360", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2026-02-13T18:05:27.826Z", "datePublished": "2026-02-19T08:41:00.849Z", "dateUpdated": "2026-02-23T18:35:11.184Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Unisphere for PowerMax", "vendor": "Dell", "versions": [{"lessThan": "10.3.0.1 or later", "status": "affected", "version": "N/A", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "PowerMax", "vendor": "Dell", "versions": [{"lessThan": "10.3.0.1 or later", "status": "affected", "version": "N/A", "versionType": "semver"}]}], "datePublic": "2026-02-18T18:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files.<br>"}], "value": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-73", "description": "CWE-73: External Control of File Name or Path", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-02-19T08:41:00.849Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-23T18:34:48.510238Z", "id": "CVE-2026-26360", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-23T18:35:11.184Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26360", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-23T18:34:48.510238Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-23T18:35:05.721Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "Unisphere for PowerMax", "versions": [{"status": "affected", "version": "N/A", "lessThan": "10.3.0.1 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "PowerMax", "versions": [{"status": "affected", "version": "N/A", "lessThan": "10.3.0.1 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2026-02-18T18:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files.", "supportingMedia": [{"type": "text/html", "value": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "CWE-73: External Control of File Name or Path"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-02-19T08:41:00.849Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26360", "state": "PUBLISHED", "dateUpdated": "2026-02-23T18:35:11.184Z", "dateReserved": "2026-02-13T18:05:27.826Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2026-02-19T08:41:00.849Z", "assignerShortName": "dell"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:unisphere_for_powermax:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E2B8D81-A040-4365-B089-38A241734AF8", "versionEndExcluding": "10.3.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:unisphere_for_powermax:*:*:*:*:eem:*:*:*", "matchCriteriaId": "AD314301-3DEB-46C2-A641-C463CF25F6E0", "versionEndExcluding": "10.3.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files."}], "id": "CVE-2026-26360", "lastModified": "2026-02-20T20:59:06.040", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2026-02-19T09:16:25.737", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-73"}], "source": "security_alert@emc.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,10.3.0.1)"}}], "enrichment": {"confidence": 90.0, "confidence_source": "matching", "scores": [{"score": 90.0, "source": "matching"}]}, "original": {"product": "PowerMax", "source": "cna", "vendor": "Dell"}, "product": "powermax_os", "vendor": "dell"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,10.3.0.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Unisphere for PowerMax", "source": "cna", "vendor": "Dell"}, "product": "unisphere_for_powermax", "vendor": "dell"}], "analysis": {"en": {"generated_at": "2026-04-18T11:49:53.345569+00:00", "value": {"mitigation_remediation": ["Apply Dell security update DSA\u20112026\u2011102 for Unisphere for PowerMax", "Restrict network access to the Unisphere management interface so that only trusted administrators can log in", "Continuously monitor file system integrity to detect unexpected deletions and alert administrators"], "summary": {"action": "Apply Patch", "impact": "Delete Arbitrary Files"}, "threat_synthesis": {"affected_systems": "The affected products are Dell PowerMax and Dell Unisphere for PowerMax, specifically version 10.2 of Unisphere. The CPE strings identify the general Unisphere application and its EEM component, but no further sub\u2011version details are provided beyond the 10.2 release channel.", "description_and_impact": "Dell Unisphere for PowerMax version 10.2 contains an External Control of File Name or Path weakness that allows a low\u2011privileged attacker to delete arbitrary files on the system. This flaw means that an attacker who can reach the Unisphere management interface could specify any file path, resulting in destructive file removal and potential disruption of storage services. The vulnerability is classified as CWE\u201173 and is listed with a CVSS score of 8.1, indicating a high potential for damage if exploited.", "risk_and_exploitability": "The severity (CVSS 8.1) reflects the potential for significant disruption, yet the EPSS score falls below 1%, suggesting that, at present, exploitation opportunities are very limited. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, which further reduces evidence of active attacks. The likely attack vector is remote, requiring native access to the Unisphere web interface, and is only feasible for a low\u2011privileged user who can establish a connection to the management service. If exploited, the attacker could delete critical configuration or data files, jeopardizing system availability and integrity."}}}}, "created": "2026-02-20T10:07:53.898907+00:00", "title": "External Control of File Name or Path vulnerability allowing arbitrary file deletion in Dell Unisphere for PowerMax", "updated": "2026-04-18T12:00:05.879424+00:00", "vendors": ["dell", "dell$PRODUCT$powermax_os", "dell$PRODUCT$unisphere_for_powermax"]}