CVE-2026-49502
Summary
| CVE | CVE-2026-49502 |
|---|---|
| State | PUBLISHED |
| Assigner | dell |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-17 15:16:59 UTC |
| Updated | 2026-06-25 14:16:42 UTC |
| Description | Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure, Information tampering, and Unauthorized access. |
Risk And Classification
Primary CVSS: v3.1 8.1 HIGH from [email protected]
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.002100000 probability, percentile 0.110270000 (date 2026-06-24)
Problem Types: CWE-287 | CWE-287 CWE-287: Improper Authentication
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 8.1 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| 3.1 | [email protected] | Secondary | 7.4 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
| 3.1 | CNA | CVSS | 7.4 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
CVSS v3.1 Breakdown
Attack Vector
AdjacentAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
NoneCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Dell | Powerflex Manager | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-fo... | [email protected] | www.dell.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Dell would like to thank brocked200 for reporting this issue. (en)
There are currently no legacy QID mappings associated with this CVE.