8
CVE-2026-40711
- EPSS 0.95%
- Veröffentlicht 26.06.2026 12:31:00
- Zuletzt bearbeitet 26.06.2026 15:48:58
- Quelle security_alert@emc.com
- CVE-Watchlists
- Unerledigt
Dell Dell Container Storage Modules, version(s) csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerDell
≫
Produkt
Container Storage Modules
Default Statusunaffected
Version
0
Version <
2.15.2 or later
Status
affected
Version
0
Version <
2.17.0 or later
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.95% | 0.569 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security_alert@emc.com | 8 | 1.3 | 6 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
https://www.dell.com/support/kbdoc/en-za/000478300/dsa-2026-259-security-update-for-dell-container-storage-modules-multiple-vulnerabilities?msockid=2e06327ba9266050201f2467a8f461dd