Command Injection Vulnerability in Dell SmartFabric Storage Software
CVE-2026-35070

6.4MEDIUM

Key Information:

Vendor: Dell
Status: Smartfabric Storage Software
Vendor: CVE Published:; 20 May 2026

What is CVE-2026-35070?

Dell SmartFabric Storage Software versions prior to 1.4.5 contains a command injection vulnerability that allows an attacker with high privileges and local access to exploit this flaw. This exploitation can lead to unauthorized filesystem access, potentially compromising the integrity of the system. It is crucial for users and administrators to apply the latest updates to ensure their systems remain secure against potential threats.

Affected Version(s)

SmartFabric Storage Software 0 < 1.4.5 or later

References

https://www.dell.com/support/kbdoc/en-us/000466942/dsa-20...

vendor-advisory

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2026
Vulnerability Reserved
Apr 1, 2026

Credit

Dell would like to thank zzcentury from Ubisectech Sirius Team for reporting this issue.

CVE-2026-35070 Data

JSON