DSA-2026-259: Security Update for Dell Container Storage Modules Multiple Vulnerabilities
Oversigt: Dell Container Storage Modules remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Denne artikel gælder for
Denne artikel gælder ikke for
Denne artikel er ikke knyttet til et bestemt produkt.
Det er ikke alle produktversioner, der er identificeret i denne artikel.
Virkning
Critical
Oplysninger
| Third-party Component | CVEs | More Information |
| sudo | CVE-2025-32462 | |
| gnupg2 | CVE-2025-68973 | |
| pam | CVE-2024-10963, CVE-2025-6020, CVE-2025-8941 | |
| sqlite | CVE-2025-6965 | |
| openssh | CVE-2026-3497 | |
| python3.9 | CVE-2024-12718,CVE-2025-4517, CVE-2026-4519, CVE-2025-4138, CVE-2023-6597 | |
| vim | CVE-2026-28417,CVE-2026-33412, CVE-2026-28421 | |
| curl | CVE-2025-9086 | https://nvd.nist.gov/vuln/search |
| glib2 | CVE-2025-13601 | https://nvd.nist.gov/vuln/search |
| openssl | CVE-2025-69421, CVE-2025-69418, CVE-2026-22796, CVE-2025-15469, CVE-2026-22795, CVE-2024-12797, CVE-2025-15467, CVE-2025-68160, CVE-2025-11187, CVE-2025-15468, CVE-2025-69420, CVE-2025-66199, CVE-2025-69419, CVE-2025-9230 | https://nvd.nist.gov/vuln/search |
| libarchive | CVE-2025-5914, CVE-2026-4111 | https://nvd.nist.gov/vuln/search |
| libxml2 | CVE-2025-7425, CVE-2025-24928, CVE-2025-49796, CVE-2025-49794, CVE-2024-56171 | https://nvd.nist.gov/vuln/search |
| expat | CVE-2025-59375 | https://nvd.nist.gov/vuln/search |
| python-urllib3 | CVE-2025-66471, CVE-2026-21441, CVE-2025-66418 | https://nvd.nist.gov/vuln/search |
| python-setuptools | CVE-2024-6345 | https://nvd.nist.gov/vuln/search |
| krb5 | CVE-2024-3596 | https://nvd.nist.gov/vuln/search |
| glibc | CVE-2026-0915, CVE-2026-0861, CVE-2025-15281 | https://nvd.nist.gov/vuln/search |
| systemd | CVE-2025-4598 | https://nvd.nist.gov/vuln/search |
| nghttp2 | CVE-2026-27135 | https://nvd.nist.gov/vuln/search |
| google.golang.org/grpc | CVE-2026-33186 | https://nvd.nist.gov/vuln/search |
| brotli | CVE-2025-6176 | https://nvd.nist.gov/vuln/search |
| crypto/x509 | CVE-2025-61729 | https://nvd.nist.gov/vuln/search |
| net/url | CVE-2025-61726, CVE-2026-25679 | https://nvd.nist.gov/vuln/search |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2026-40711 | Dell Dell Container Storage Modules, version(s) csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | 8.0 |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2026-40711 | Dell Dell Container Storage Modules, version(s) csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | 8.0 |
Berørte produkter og udbedring
| CVE ID(s) | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| CVE-2026-40711 | Dell Container Storage Modules | CSI Driver for Dell PowerFlex | Versions 2.15.0 through 2.15.1 | Version 2.15.2 or later |
quay.io/dell/container-storage-modules/csi-vxflexos
|
| CVE-2026-40711 | Dell Container Storage Modules | CSI Driver for Dell PowerFlex | Versions prior to 2.17.0 | Version 2.17.0 or later |
quay.io/dell/container-storage-modules/csi-vxflexos |
| CVE-2026-40711 | Dell Container Storage Modules | CSI Driver for Dell PowerStore | Versions prior to 2.17.0 | Version 2.17.0 or later | quay.io/dell/container-storage-modules/csi-powerstore
|
| CVE-2026-40711 | Dell Container Storage Modules | CSI Driver for Dell Unity XT | Versions prior to 2.17.0 | Version 2.17.0 or later | quay.io/dell/container-storage-modules/csi-unity
|
| CVE-2026-40711 | Dell Container Storage Modules | CSI Driver for Dell PowerMax | Versions prior to 2.17.0 | Version 2.17.0 or later | quay.io/dell/container-storage-modules/csi-powermax
|
| CVE-2024-12718, CVE-2026-28417, CVE-2025-32462, CVE-2025-68973, CVE-2025-13601, CVE-2025-69421, CVE-2025-69418, CVE-2024-10963, CVE-2025-9086, CVE-2025-4598, CVE-2025-4517, CVE-2026-4519, CVE-2025-6965, CVE-2026-33412, CVE-2026-3497, CVE-2025-15469, CVE-2026-22795, CVE-2025-49796, CVE-2025-49794, CVE-2026-21441, CVE-2025-66418, CVE-2026-22796, CVE-2024-56171, CVE-2024-12797, CVE-2025-4138, CVE-2025-59375, CVE-2025-15467, CVE-2025-68160, CVE-2025-66471, CVE-2023-6597, CVE-2025-11187, CVE-2026-0861, CVE-2025-6020, CVE-2025-24928, CVE-2026-28421, CVE-2025-15468, CVE-2026-0915, CVE-2025-8941, CVE-2024-6345, CVE-2024-3596, CVE-2025-69420, CVE-2025-15281, CVE-2026-27135, CVE-2025-66199, CVE-2025-7425, CVE-2025-69419, CVE-2025-5914, CVE-2025-9230, CVE-2026-4111, CVE-2026-33186, CVE-2025-6176, CVE-2025-61729, CVE-2025-61726, CVE-2026-25679 | Dell Container Storage Modules | csi-powerflex | Versions prior to 1.15.2 | Version 1.15.2 and later |
quay.io/dell/container-storage-modules/csi-vxflexos |
| CVE ID(s) | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| CVE-2026-40711 | Dell Container Storage Modules | CSI Driver for Dell PowerFlex | Versions 2.15.0 through 2.15.1 | Version 2.15.2 or later |
quay.io/dell/container-storage-modules/csi-vxflexos
|
| CVE-2026-40711 | Dell Container Storage Modules | CSI Driver for Dell PowerFlex | Versions prior to 2.17.0 | Version 2.17.0 or later |
quay.io/dell/container-storage-modules/csi-vxflexos |
| CVE-2026-40711 | Dell Container Storage Modules | CSI Driver for Dell PowerStore | Versions prior to 2.17.0 | Version 2.17.0 or later | quay.io/dell/container-storage-modules/csi-powerstore
|
| CVE-2026-40711 | Dell Container Storage Modules | CSI Driver for Dell Unity XT | Versions prior to 2.17.0 | Version 2.17.0 or later | quay.io/dell/container-storage-modules/csi-unity
|
| CVE-2026-40711 | Dell Container Storage Modules | CSI Driver for Dell PowerMax | Versions prior to 2.17.0 | Version 2.17.0 or later | quay.io/dell/container-storage-modules/csi-powermax
|
| CVE-2024-12718, CVE-2026-28417, CVE-2025-32462, CVE-2025-68973, CVE-2025-13601, CVE-2025-69421, CVE-2025-69418, CVE-2024-10963, CVE-2025-9086, CVE-2025-4598, CVE-2025-4517, CVE-2026-4519, CVE-2025-6965, CVE-2026-33412, CVE-2026-3497, CVE-2025-15469, CVE-2026-22795, CVE-2025-49796, CVE-2025-49794, CVE-2026-21441, CVE-2025-66418, CVE-2026-22796, CVE-2024-56171, CVE-2024-12797, CVE-2025-4138, CVE-2025-59375, CVE-2025-15467, CVE-2025-68160, CVE-2025-66471, CVE-2023-6597, CVE-2025-11187, CVE-2026-0861, CVE-2025-6020, CVE-2025-24928, CVE-2026-28421, CVE-2025-15468, CVE-2026-0915, CVE-2025-8941, CVE-2024-6345, CVE-2024-3596, CVE-2025-69420, CVE-2025-15281, CVE-2026-27135, CVE-2025-66199, CVE-2025-7425, CVE-2025-69419, CVE-2025-5914, CVE-2025-9230, CVE-2026-4111, CVE-2026-33186, CVE-2025-6176, CVE-2025-61729, CVE-2025-61726, CVE-2026-25679 | Dell Container Storage Modules | csi-powerflex | Versions prior to 1.15.2 | Version 1.15.2 and later |
quay.io/dell/container-storage-modules/csi-vxflexos |
Revisionshistorik
| Revision | Date | Description |
| 1.0 | 2026-06-18 | Initial release |
Relaterede oplysninger
Ansvarsfraskrivelse
Berørte produkter
Container Storage Modules Family, Container Storage ModulesArtikelegenskaber
Artikelnummer: 000478300
Artikeltype: Dell Security Advisory
Senest ændret: 18 jun. 2026
Find svar på dine spørgsmål fra andre Dell-brugere
Supportservices
Kontrollér, om din enhed er dækket af supportservices.