DSA-2026-020: Security Update for Dell Secure Connect Gateway-Application Vulnerabilities

Sommaire: Dell Secure Connect Gateway Application and Appliance remediation is available for multiple security vulnerabilities that could result in RCE and XSS attacks.

Cet article s’applique à Cet article ne s’applique pas à Cet article n’est lié à aucun produit spécifique. Toutes les versions de produits ne sont pas identifiées dans cet article.
Consulter d’autres ressources

Impact

Critical

Détails

Third-party Component CVEs More Information
DOMPurify CVE-2025-26791, CVE-2024-48910, CVE-2024-47875, CVE-2024-45801 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2026-27101 Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00.xx, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker within the management network could potentially exploit this vulnerability, leading to remote execution. 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2026-27101 Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00.xx, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker within the management network could potentially exploit this vulnerability, leading to remote execution. 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies recommande à tous ses clients de tenir compte à la fois du score de base CVSS et de tous les scores temporels et environnementaux pertinents qui pourraient avoir une incidence sur la gravité potentielle associée à une vulnérabilité de sécurité particulière.

Produits touchés et correction

Product Affected Versions Remediated Versions Link

Secure Connect Gateway-Application

Versions 5.28.00.00 through 5.32.00.00

 

Version 5.34.00.00 or later

 https://www.dell.com/support/product-details/product/secure-connect-gateway-app-edition/drivers

Secure Connect Gateway-Appliance

Between v5.28.00.00 and v5.32.00.00

Version 5.34.00.00 or later

 https://www.dell.com/support/product-details/product/secure-connect-gateway-app-edition/drivers

 

Product Affected Versions Remediated Versions Link

Secure Connect Gateway-Application

Versions 5.28.00.00 through 5.32.00.00

 

Version 5.34.00.00 or later

 https://www.dell.com/support/product-details/product/secure-connect-gateway-app-edition/drivers

Secure Connect Gateway-Appliance

Between v5.28.00.00 and v5.32.00.00

Version 5.34.00.00 or later

 https://www.dell.com/support/product-details/product/secure-connect-gateway-app-edition/drivers

 

Historique de révision

RevisionDateDescription 
1.02026-03-16Initial Release
2.02026-03-23Corrected advisory to reflect only Secure Connect Gateway Application

 

Reconnaissances

CVE-2026-27101: Dell would like to thank Ahmed Y. Elmogy for reporting this issue.

Renseignements connexes

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Avis de non-responsabilité

Produits touchés

Secure Connect Gateway, Secure Connect Gateway - Application Edition
Propriétés de l’article
Numéro d’article: 000438589
Type d’article: Dell Security Advisory
Dernière modification: 23 mars 2026
Obtenez des réponses à vos questions auprès d’autre utilisateurs de Dell
Services de soutien
Vérifiez si votre appareil est couvert par les services de soutien.