CVE-2026-26360 is a high-severity vulnerability affecting Dell Unisphere for PowerMax, specifically version 10.2. This vulnerability allows low-privileged attackers with remote access to potentially exploit the system to delete arbitrary files. With a CVSS score of 8.1, it poses a significant risk to organizations that utilize this software.
The exploitation of this vulnerability could lead to unauthorized file deletion, impacting the integrity and availability of critical data. Organizations should assess their exposure and take immediate action to remediate this issue.
The urgency for defenders is high, given the potential for exploitation. Organizations should prioritize patching immediately. The vulnerability was disclosed on February 19, 2026, and further details can be found in the vendor advisory.
Given that the vulnerability is classified as high severity, it is critical for organizations to remain vigilant and ensure that appropriate security measures are in place to prevent any potential exploitation.
Vulnerability Details
The vulnerability exists due to an external control of file name or path. The affected product is Dell Unisphere for PowerMax version 10.2, which is susceptible to this flaw. The CVSS score of 8.1 indicates a high severity level, highlighting the need for immediate attention from security teams.
The publication date for this vulnerability was February 19, 2026, and it falls under the CWE classification of CWE-73.
Technical Analysis
The root cause of this vulnerability is the improper handling of file names and paths, which allows a low-privileged attacker to manipulate these to delete files. The attack vector is network-based, requiring minimal complexity, and does not necessitate user interaction. The impact on integrity and availability is classified as high, with no confidentiality impact.
Risk & Impact Analysis
Risk to organizations includes potential data loss and disruption of service. The blast radius could be significant, affecting multiple systems if exploited. Organizations must consider the urgency based on the CVSS score and the potential consequences of exploitation.
Exploitation Status
Signal | Status |
|---|---|
Known Exploit | No |
Public PoC | No |
Actively Exploited | No |
Ransomware Use | No |
Affected Versions
The affected version is Dell Unisphere for PowerMax, version 10.2. All versions prior to the vendor patch are considered vulnerable.
Mitigation & Remediation
Organizations should prioritize patching immediately. Ensure that you upgrade to version 10.3.0.1 or later to mitigate this vulnerability. Additional security measures include configuration hardening and monitoring for any unauthorized changes.
Detection Guidance
Monitor logs for any indicators of unauthorized file deletion attempts. Look for behavioral anomalies that may suggest exploitation attempts.
AppSecure Threat Intelligence Insight
This vulnerability highlights the importance of proper access controls and file path handling in software applications. Organizations should learn from this incident to improve their security posture by regularly reviewing access controls and conducting thorough security testing.
Security teams are encouraged to follow a comprehensive penetration testing methodology to identify and remediate vulnerabilities before they can be exploited.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
.webp)