DSA-2026-259: Security Update for Dell Container Storage Modules Multiple Vulnerabilities
Resumen: Dell Container Storage Modules remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Este artículo se aplica a
Este artículo no se aplica a
Este artículo no está vinculado a ningún producto específico.
No se identifican todas las versiones del producto en este artículo.
Impacto
Critical
Detalles
| Third-party Component | CVEs | More Information |
| sudo | CVE-2025-32462 | |
| gnupg2 | CVE-2025-68973 | |
| pam | CVE-2024-10963, CVE-2025-6020, CVE-2025-8941 | |
| sqlite | CVE-2025-6965 | |
| openssh | CVE-2026-3497 | |
| python3.9 | CVE-2024-12718,CVE-2025-4517, CVE-2026-4519, CVE-2025-4138, CVE-2023-6597 | |
| vim | CVE-2026-28417,CVE-2026-33412, CVE-2026-28421 | |
| curl | CVE-2025-9086 | https://nvd.nist.gov/vuln/search |
| glib2 | CVE-2025-13601 | https://nvd.nist.gov/vuln/search |
| openssl | CVE-2025-69421, CVE-2025-69418, CVE-2026-22796, CVE-2025-15469, CVE-2026-22795, CVE-2024-12797, CVE-2025-15467, CVE-2025-68160, CVE-2025-11187, CVE-2025-15468, CVE-2025-69420, CVE-2025-66199, CVE-2025-69419, CVE-2025-9230 | https://nvd.nist.gov/vuln/search |
| libarchive | CVE-2025-5914, CVE-2026-4111 | https://nvd.nist.gov/vuln/search |
| libxml2 | CVE-2025-7425, CVE-2025-24928, CVE-2025-49796, CVE-2025-49794, CVE-2024-56171 | https://nvd.nist.gov/vuln/search |
| expat | CVE-2025-59375 | https://nvd.nist.gov/vuln/search |
| python-urllib3 | CVE-2025-66471, CVE-2026-21441, CVE-2025-66418 | https://nvd.nist.gov/vuln/search |
| python-setuptools | CVE-2024-6345 | https://nvd.nist.gov/vuln/search |
| krb5 | CVE-2024-3596 | https://nvd.nist.gov/vuln/search |
| glibc | CVE-2026-0915, CVE-2026-0861, CVE-2025-15281 | https://nvd.nist.gov/vuln/search |
| systemd | CVE-2025-4598 | https://nvd.nist.gov/vuln/search |
| nghttp2 | CVE-2026-27135 | https://nvd.nist.gov/vuln/search |
| google.golang.org/grpc | CVE-2026-33186 | https://nvd.nist.gov/vuln/search |
| brotli | CVE-2025-6176 | https://nvd.nist.gov/vuln/search |
| crypto/x509 | CVE-2025-61729 | https://nvd.nist.gov/vuln/search |
| net/url | CVE-2025-61726, CVE-2026-25679 | https://nvd.nist.gov/vuln/search |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2026-40711 | Dell Dell Container Storage Modules, version(s) csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | 8.0 |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2026-40711 | Dell Dell Container Storage Modules, version(s) csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | 8.0 |
Corrección y productos afectados
| CVE ID(s) | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| CVE-2026-40711 | Dell Container Storage Modules | CSI Driver for Dell PowerFlex | Versions 2.15.0 through 2.15.1 | Version 2.15.2 or later |
quay.io/dell/container-storage-modules/csi-vxflexos
|
| CVE-2026-40711 | Dell Container Storage Modules | CSI Driver for Dell PowerFlex | Versions prior to 2.17.0 | Version 2.17.0 or later |
quay.io/dell/container-storage-modules/csi-vxflexos |
| CVE-2026-40711 | Dell Container Storage Modules | CSI Driver for Dell PowerStore | Versions prior to 2.17.0 | Version 2.17.0 or later | quay.io/dell/container-storage-modules/csi-powerstore
|
| CVE-2026-40711 | Dell Container Storage Modules | CSI Driver for Dell Unity XT | Versions prior to 2.17.0 | Version 2.17.0 or later | quay.io/dell/container-storage-modules/csi-unity
|
| CVE-2026-40711 | Dell Container Storage Modules | CSI Driver for Dell PowerMax | Versions prior to 2.17.0 | Version 2.17.0 or later | quay.io/dell/container-storage-modules/csi-powermax
|
| CVE-2024-12718, CVE-2026-28417, CVE-2025-32462, CVE-2025-68973, CVE-2025-13601, CVE-2025-69421, CVE-2025-69418, CVE-2024-10963, CVE-2025-9086, CVE-2025-4598, CVE-2025-4517, CVE-2026-4519, CVE-2025-6965, CVE-2026-33412, CVE-2026-3497, CVE-2025-15469, CVE-2026-22795, CVE-2025-49796, CVE-2025-49794, CVE-2026-21441, CVE-2025-66418, CVE-2026-22796, CVE-2024-56171, CVE-2024-12797, CVE-2025-4138, CVE-2025-59375, CVE-2025-15467, CVE-2025-68160, CVE-2025-66471, CVE-2023-6597, CVE-2025-11187, CVE-2026-0861, CVE-2025-6020, CVE-2025-24928, CVE-2026-28421, CVE-2025-15468, CVE-2026-0915, CVE-2025-8941, CVE-2024-6345, CVE-2024-3596, CVE-2025-69420, CVE-2025-15281, CVE-2026-27135, CVE-2025-66199, CVE-2025-7425, CVE-2025-69419, CVE-2025-5914, CVE-2025-9230, CVE-2026-4111, CVE-2026-33186, CVE-2025-6176, CVE-2025-61729, CVE-2025-61726, CVE-2026-25679 | Dell Container Storage Modules | csi-powerflex | Versions prior to 1.15.2 | Version 1.15.2 and later |
quay.io/dell/container-storage-modules/csi-vxflexos |
| CVE ID(s) | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| CVE-2026-40711 | Dell Container Storage Modules | CSI Driver for Dell PowerFlex | Versions 2.15.0 through 2.15.1 | Version 2.15.2 or later |
quay.io/dell/container-storage-modules/csi-vxflexos
|
| CVE-2026-40711 | Dell Container Storage Modules | CSI Driver for Dell PowerFlex | Versions prior to 2.17.0 | Version 2.17.0 or later |
quay.io/dell/container-storage-modules/csi-vxflexos |
| CVE-2026-40711 | Dell Container Storage Modules | CSI Driver for Dell PowerStore | Versions prior to 2.17.0 | Version 2.17.0 or later | quay.io/dell/container-storage-modules/csi-powerstore
|
| CVE-2026-40711 | Dell Container Storage Modules | CSI Driver for Dell Unity XT | Versions prior to 2.17.0 | Version 2.17.0 or later | quay.io/dell/container-storage-modules/csi-unity
|
| CVE-2026-40711 | Dell Container Storage Modules | CSI Driver for Dell PowerMax | Versions prior to 2.17.0 | Version 2.17.0 or later | quay.io/dell/container-storage-modules/csi-powermax
|
| CVE-2024-12718, CVE-2026-28417, CVE-2025-32462, CVE-2025-68973, CVE-2025-13601, CVE-2025-69421, CVE-2025-69418, CVE-2024-10963, CVE-2025-9086, CVE-2025-4598, CVE-2025-4517, CVE-2026-4519, CVE-2025-6965, CVE-2026-33412, CVE-2026-3497, CVE-2025-15469, CVE-2026-22795, CVE-2025-49796, CVE-2025-49794, CVE-2026-21441, CVE-2025-66418, CVE-2026-22796, CVE-2024-56171, CVE-2024-12797, CVE-2025-4138, CVE-2025-59375, CVE-2025-15467, CVE-2025-68160, CVE-2025-66471, CVE-2023-6597, CVE-2025-11187, CVE-2026-0861, CVE-2025-6020, CVE-2025-24928, CVE-2026-28421, CVE-2025-15468, CVE-2026-0915, CVE-2025-8941, CVE-2024-6345, CVE-2024-3596, CVE-2025-69420, CVE-2025-15281, CVE-2026-27135, CVE-2025-66199, CVE-2025-7425, CVE-2025-69419, CVE-2025-5914, CVE-2025-9230, CVE-2026-4111, CVE-2026-33186, CVE-2025-6176, CVE-2025-61729, CVE-2025-61726, CVE-2026-25679 | Dell Container Storage Modules | csi-powerflex | Versions prior to 1.15.2 | Version 1.15.2 and later |
quay.io/dell/container-storage-modules/csi-vxflexos |
Historial de revisiones
| Revision | Date | Description |
| 1.0 | 2026-06-18 | Initial release |
Información relacionada
Descargo de responsabilidad
Productos afectados
Container Storage Modules Family, Container Storage ModulesPropiedades del artículo
Número del artículo: 000478300
Tipo de artículo: Dell Security Advisory
Última modificación: 18 jun 2026
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.