DSA-2026-054: Security Update for Dell Unity, Dell UnityVSA and Dell Unity XT Security Update for Multiple Vulnerabilities

Resumen: Dell UnityVSA and Dell Unity XT remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Este artículo se aplica a: Este artículo no se aplica a: Este artículo no está vinculado a ningún producto específico. En este artículo no se identifican todas las versiones de los productos.

Impacto

High

Detalles

Third-party Component CVEs More Information
DOMPurify CVE-2024-47875 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Urlparse, urllib.parse.urlsplit CVE-2025-0938 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2026-21418 Dell Unity, version(s) 5.5.2 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-22277 Dell UnityVSA, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2026-21418 Dell Unity, version(s) 5.5.2 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-22277 Dell UnityVSA, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies recomienda que todos los clientes tengan en cuenta la puntuación base CVSS y las puntuaciones temporales o de entorno relevantes que puedan afectar a la posible gravedad asociada a una determinada vulnerabilidad de seguridad.

Productos afectados y corrección

Product Software/Firmware Affected Versions Remediated Versions Link
Dell Unity Dell Unity Operating Environment (OE) Versions prior to 5.5.2 Version 5.5.3 or later https://www.dell.com/support/home/product-support/product/unity-all-flash-family/drivers

 

Product Software/Firmware Affected Versions Remediated Versions Link
Dell Unity Dell Unity Operating Environment (OE) Versions prior to 5.5.2 Version 5.5.3 or later https://www.dell.com/support/home/product-support/product/unity-all-flash-family/drivers

 

Historial de revisiones

RevisionDateDescription
1.02026-01-29Initial Release

 

Agradecimientos

CVE-2026-21418, CVE-2026-22277: Dell would like to thank LIUPENG for reporting this issue.

Información relacionada

Productos afectados

Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 550F, Dell EMC Unity 600, Dell EMC Unity 600F

Productos

Dell EMC Unity, Dell Unity 450F DC, Dell Unity 300, Dell Unity 300 DC, Dell Unity 350F DC, Dell EMC Unity XT 380, Dell EMC Unity XT 380F, Dell Unity 400 DC, Dell EMC Unity XT 480, Dell EMC Unity XT 480F, Dell EMC Unity 650F, Dell EMC Unity XT 680 , Dell EMC Unity XT 680F, Dell EMC Unity XT 880, Dell EMC Unity XT 880F, Dell EMC Unity Family |Dell EMC Unity All Flash, Dell EMC Unity Hybrid, Dell Unity Operating Environment (OE) ...
Propiedades del artículo
Número de artículo: 000421197
Tipo de artículo: Dell Security Advisory
Última modificación: 29 ene 2026
Encuentra las respuestas que necesitas con la ayuda de otros usuarios de Dell
Servicios de asistencia
Comprueba si tu dispositivo está cubierto por los servicios de asistencia.