DSA-2026-208: Security Update for Dell PowerScale InsightIQ Multiple Vulnerabilities
Oversigt: Dell PowerScale InsightIQ remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Denne artikel gælder for
Denne artikel gælder ikke for
Denne artikel er ikke knyttet til et bestemt produkt.
Det er ikke alle produktversioner, der er identificeret i denne artikel.
Virkning
High
Oplysninger
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2026-35071 | Dell PowerScale InsightIQ, versions 6.0.0 through 6.2.0, contains an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. | 8.2 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2026-40638 | Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2026-35071 | Dell PowerScale InsightIQ, versions 6.0.0 through 6.2.0, contains an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. | 8.2 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2026-40638 | Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Berørte produkter og udbedring
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
| CVE-2026-35071 | PowerScale InsightIQ | Versions 6.0.0 through 6.2.0 | Version 6.3.0 or later | PowerScale InsightIQ Downloads Area |
| CVE-2026-40638 | PowerScale InsightIQ | Versions 5.0.0 through 6.2.0 | Version 6.3.0 or later | PowerScale InsightIQ Downloads Area |
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
| CVE-2026-35071 | PowerScale InsightIQ | Versions 6.0.0 through 6.2.0 | Version 6.3.0 or later | PowerScale InsightIQ Downloads Area |
| CVE-2026-40638 | PowerScale InsightIQ | Versions 5.0.0 through 6.2.0 | Version 6.3.0 or later | PowerScale InsightIQ Downloads Area |
Revisionshistorik
| Revision | Date | Description |
| 1 |
5/11/2026
| Initial Release |
Bekræftelser
CVE-2026-35071, CVE-2026-40638: Dell would like to thank Ahmed Y. Elmogy for reporting this issue.
Relaterede oplysninger
Ansvarsfraskrivelse
Berørte produkter
PowerScale InsightIQArtikelegenskaber
Artikelnummer: 000463695
Artikeltype: Dell Security Advisory
Senest ændret: 11 maj 2026
Find svar på dine spørgsmål fra andre Dell-brugere
Supportservices
Kontrollér, om din enhed er dækket af supportservices.