Cross-Site Scripting Vulnerability in Dell Unisphere for PowerMax vApp
CVE-2026-23861

5.4MEDIUM

Key Information:

Vendor: Dell
Status: Unisphere For Powermax Vapp,
Vendor: CVE Published:; 17 February 2026

What is CVE-2026-23861?

The Dell Unisphere for PowerMax vApp, specifically in version 9.2.4.x, suffers from a Cross-site Scripting vulnerability. This allows a low privileged attacker with remote access to execute harmful HTML or JavaScript code in a victim's web browser through the compromised application. If successfully exploited, it may result in information disclosure, session theft, or unauthorized client-side request forgery, posing significant risks to the integrity and confidentiality of user data.

Affected Version(s)

Unisphere for PowerMax vApp, < 9.2.4.19 or later

References

https://www.dell.com/support/kbdoc/en-us/000402262/dsa-20...

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 17, 2026
Vulnerability Reserved
Jan 16, 2026

CVE-2026-23861 Data

JSON