External Control of File Name or Path Vulnerability in Dell Unisphere for PowerMax
CVE-2026-26359

8.8HIGH

Key Information:

Vendor: Dell
Status: Unisphere For Powermax; Powermax
Vendor: CVE Published:; 19 February 2026

What is CVE-2026-26359?

Dell Unisphere for PowerMax contains a vulnerability that enables low privileged attackers with remote access to potentially overwrite arbitrary files. This flaw arises from insufficient validation of user input for file names and paths, allowing malicious entities to exploit the system and compromise its integrity. Organizations using Unisphere for PowerMax should take immediate steps to secure their systems by applying the latest security updates and reviewing their access controls to mitigate the risk associated with this vulnerability.

Affected Version(s)

PowerMax < 10.3.0.1 or later

Unisphere for PowerMax < 10.3.0.1 or later

References

https://www.dell.com/support/kbdoc/en-us/000429268/dsa-20...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 19, 2026
Vulnerability Reserved
Feb 13, 2026

CVE-2026-26359 Data

JSON