OS Command Injection Vulnerability in Dell PowerFlex Manager
CVE-2026-56688

9.1CRITICAL

Key Information:

Vendor

Dell

Vendor
CVE Published:
10 July 2026

What is CVE-2026-56688?

Dell PowerFlex Manager, versions prior to 5.1.0.1, are vulnerable to an OS Command Injection issue. This vulnerability allows a high privileged attacker with remote access to exploit weaknesses in OS Repository processing, potentially executing arbitrary commands as root. This exploitation could lead to a complete compromise of the appliance and enable lateral movement within the managed infrastructure.

Affected Version(s)

PowerFlex Manager 0 < 5.1.0.1 or later

PowerFlex Manager 0 < 4.5.5.2 or later

References

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.