DSA-2026-193: Security Update for Dell Automation Platform Multiple Vulnerabilities
概要: Dell Automation Platform remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
この記事は次に適用されます:
この記事は次には適用されません:
この記事は、特定の製品に関連付けられていません。
すべての製品パージョンがこの記事に記載されているわけではありません。
影響
Critical
詳細
| Third-party Component | CVEs | More Information |
| aiohttp | CVE-2025-69229, CVE-2025-69228, CVE-2025-69227, CVE-2025-69223 | https://nvd.nist.gov/vuln/search |
| BusyBox wget | CVE-2025-60876 | https://nvd.nist.gov/vuln/search |
| cbor2 | CVE-2025-68131 | https://nvd.nist.gov/vuln/search |
| GNU C Library | CVE-2025-4802 | https://nvd.nist.gov/vuln/search |
| GNU Tar | CVE-2025-45582 | https://nvd.nist.gov/vuln/search |
| GnuPG | CVE-2025-68973, CVE-2025-68972 | https://nvd.nist.gov/vuln/search |
| GnuTLS | CVE-2025-32990 | https://nvd.nist.gov/vuln/search |
| Go | CVE-2025-61729 | https://nvd.nist.gov/vuln/search |
| Kerberos 5 KDC | CVE-2024-26462 | https://nvd.nist.gov/vuln/search |
| kin-openapi | CVE-2025-30153 | https://nvd.nist.gov/vuln/search |
| Linux kernel | CVE-2022-0168 | https://nvd.nist.gov/vuln/search |
| OpenSSL | CVE-2025-11187, CVE-2025-15467, CVE-2025-15468, CVE-2025-15469, CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796, CVE-2025-9230 | https://nvd.nist.gov/vuln/search |
| pip | CVE-2018-20225 | https://nvd.nist.gov/vuln/search |
| urllib3 | CVE-2026-21441 | https://nvd.nist.gov/vuln/search |
| Werkzeug | CVE-2026-21860 | https://nvd.nist.gov/vuln/search |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2026-32658 | Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. | 8.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2026-32658 | Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. | 8.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
影響を受ける製品と修復
| Product | Affected Versions | Remediated Versions | Link |
| Dell Automation Platform | Versions prior to 2.0.0.0 | Version 2.0.0.0 or later | Contact Customer Support and Quote DSA-2026-193 |
| Product | Affected Versions | Remediated Versions | Link |
| Dell Automation Platform | Versions prior to 2.0.0.0 | Version 2.0.0.0 or later | Contact Customer Support and Quote DSA-2026-193 |
Notes
- Dell recommends always upgrading to the latest product release. Refer to the Security Update Policy for more information.
- To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support.
- To address vulnerabilities in Dell NativeEdge Orchestrator 3.1.0.2 and prior, contact Dell Customer Support.
回避策と緩和策
None
変更履歴
| Revision | Date | Description |
| 1.0 | 2026-04-27 | Initial Release |
| 2.0 | 2026-05-07 | Major update: Removed Dell NativeEdge Orchestrator related vulnerabilities |
| 3.0 | 2026-05-12 | Minor update: Included acknowledgments for CVE-2026-32658 |
確認
Dell would like to thank Radjnies Bhansingh, Kin Hung Cheng and Swathi Govindarajan from Securify for reporting CVE-2026-32658.
関連情報
法的免責事項
対象製品
Dell Automation Platform, Dell Automation Platform Components文書のプロパティ
文書番号: 000458049
文書の種類: Dell Security Advisory
最終更新: 11 5月 2026
質問に対する他のDellユーザーからの回答を見つける
サポート サービス
お使いのデバイスがサポート サービスの対象かどうかを確認してください。