DSA-2026-054: Security Update for Dell Unity, Dell UnityVSA and Dell Unity XT Security Update for Multiple Vulnerabilities

Сводка: Dell UnityVSA and Dell Unity XT remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Данная статья применяется к Данная статья не применяется к Эта статья не привязана к какому-либо конкретному продукту. В этой статье указаны не все версии продуктов.
Ознакомьтесь с другими ресурсами

Влияние

High

Подробные сведения

Third-party Component CVEs More Information
DOMPurify CVE-2024-47875 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Urlparse, urllib.parse.urlsplit CVE-2025-0938 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2026-21418 Dell Unity, version(s) 5.5.2 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-22277 Dell UnityVSA, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2026-21418 Dell Unity, version(s) 5.5.2 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-22277 Dell UnityVSA, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

 

Dell рекомендует всем клиентам учитывать как базовую оценку CVSS, так и любые временные и обусловленные средой оценки, которые могут повлиять на потенциальную степень серьезности конкретной уязвимости.

Затронутые продукты и исправление

Product Software/Firmware Affected Versions Remediated Versions Link
Dell Unity Dell Unity Operating Environment (OE) Versions prior to 5.5.2 Version 5.5.3 or later https://www.dell.com/support/home/product-support/product/unity-all-flash-family/drivers

 

Product Software/Firmware Affected Versions Remediated Versions Link
Dell Unity Dell Unity Operating Environment (OE) Versions prior to 5.5.2 Version 5.5.3 or later https://www.dell.com/support/home/product-support/product/unity-all-flash-family/drivers

 

История изменений

RevisionDateDescription
1.02026-01-29Initial Release

 

Сведения об авторе и авторских правах

CVE-2026-21418, CVE-2026-22277: Dell would like to thank LIUPENG for reporting this issue.

Связанная информация

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Правовая оговорка

Затронутые продукты

Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 550F, Dell EMC Unity 600, Dell EMC Unity 600F

Продукты

Dell EMC Unity, Dell Unity 450F DC, Dell Unity 300, Dell Unity 300 DC, Dell Unity 350F DC, Dell EMC Unity XT 380, Dell EMC Unity XT 380F, Dell Unity 400 DC, Dell EMC Unity XT 480, Dell EMC Unity XT 480F, Dell EMC Unity 650F, Dell EMC Unity XT 680 , Dell EMC Unity XT 680F, Dell EMC Unity XT 880, Dell EMC Unity XT 880F, Dell EMC Unity Family |Dell EMC Unity All Flash, Dell EMC Unity Hybrid, Dell Unity Operating Environment (OE) ...
Свойства статьи
Номер статьи: 000421197
Тип статьи: Dell Security Advisory
Последнее изменение: 29 Jan 2026
Получите ответы на свои вопросы от других пользователей Dell
Услуги технической поддержки
Проверьте, распространяются ли на ваше устройство услуги технической поддержки.