OS Command Injection Vulnerability in Dell PowerScale InsightIQ
CVE-2026-35071

8.2HIGH

Key Information:

Vendor: Dell
Status: Powerscale Insightiq
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-35071?

Dell PowerScale InsightIQ, versions 6.0.0 through 6.2.0, is vulnerable to an OS command injection due to improper neutralization of special elements in OS commands. This vulnerability allows a privileged local attacker to execute arbitrary commands, potentially compromising the system's integrity and confidentiality. It is crucial for users of the affected versions to apply security updates immediately to mitigate the risks associated with this vulnerability.

Affected Version(s)

PowerScale InsightIQ 0 < 6.3.0 or later

References

https://www.dell.com/support/kbdoc/en-us/000463695/dsa-20...

vendor-advisory

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Apr 1, 2026

Credit

Dell would like to thank Ahmed Y. Elmogy for reporting this issue.

CVE-2026-35071 Data

JSON