DSA-2026-211 -: Security Update for Dell Unity, Dell UnityVSA and Dell Unity XT Security Update for Multiple Vulnerabilities
요약: Dell UnityVSA and Dell Unity XT remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
이 문서는 다음에 적용됩니다.
이 문서는 다음에 적용되지 않습니다.
이 문서는 특정 제품과 관련이 없습니다.
모든 제품 버전이 이 문서에 나와 있는 것은 아닙니다.
영향
High
세부 정보
| Third-party Component | CVEs | More Information |
| OpenSSL | CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796 | https://nvd.nist.gov/vuln/search |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2026-32659 | Dell Unity, version(s) 5.5.2 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges. | 7.0 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2026-32660 | Dell UnityVSA, version(s) 5.5.3 and prior, contain(s) an Observable Discrepancy vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| CVE-2026-32795 | Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2026-32796 | Dell Unity, version(s) 5.5.3 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. | 8.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| CVE-2026-32797 | Dell Unity, version(s) 5.5.3 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Information disclosure. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2026-32798 | Dell Unity, version(s) 5.5.3 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2026-32799 | Dell UnityVSA, version(s) 5.5.3 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges. | 6.8 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N |
| CVE-2026-32800 | Dell UnityVSA, version(s) 5.5.3 and prior, contain(s) an Improper Neutralization of Special Elements vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. | 3.6 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N |
| CVE-2026-32801 | Dell UnityVSA, version(s) 5.5.3 and prior, contain(s) an Improper Control of Generation of Code ('Code Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized command execution. | 6.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2026-32659 | Dell Unity, version(s) 5.5.2 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges. | 7.0 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2026-32660 | Dell UnityVSA, version(s) 5.5.3 and prior, contain(s) an Observable Discrepancy vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| CVE-2026-32795 | Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2026-32796 | Dell Unity, version(s) 5.5.3 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. | 8.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| CVE-2026-32797 | Dell Unity, version(s) 5.5.3 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Information disclosure. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2026-32798 | Dell Unity, version(s) 5.5.3 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2026-32799 | Dell UnityVSA, version(s) 5.5.3 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges. | 6.8 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N |
| CVE-2026-32800 | Dell UnityVSA, version(s) 5.5.3 and prior, contain(s) an Improper Neutralization of Special Elements vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. | 3.6 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N |
| CVE-2026-32801 | Dell UnityVSA, version(s) 5.5.3 and prior, contain(s) an Improper Control of Generation of Code ('Code Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized command execution. | 6.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
영향을 받는 제품 및 문제 해결
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796, CVE-2026-32659, CVE-2026-32660, CVE-2026-32795, CVE-2026-32796, CVE-2026-32797, CVE-2026-32798, CVE-2026-32799, CVE-2026-32800, CVE-2026-32801 | Dell Unity | Dell Unity Operating Environment (OE) | Versions prior to 5.5.4 | 5.5.4.0.5.037 | https://www.dell.com/support/home/en-us/product-support/product/unity-all-flash-family/drivers |
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796, CVE-2026-32659, CVE-2026-32660, CVE-2026-32795, CVE-2026-32796, CVE-2026-32797, CVE-2026-32798, CVE-2026-32799, CVE-2026-32800, CVE-2026-32801 | Dell Unity | Dell Unity Operating Environment (OE) | Versions prior to 5.5.4 | 5.5.4.0.5.037 | https://www.dell.com/support/home/en-us/product-support/product/unity-all-flash-family/drivers |
개정 내역
| Revision | Date | Description |
| 1.0 | 2025-05-29 | Initial Release |
관련 정보
법적 고지 사항
해당 제품
Dell EMC Unity XT 380, Dell EMC Unity XT 480, Dell EMC Unity XT 680, Dell EMC Unity XT 880, Dell Unity Operating Environment (OE)문서 속성
문서 번호: 000470814
문서 유형: Dell Security Advisory
마지막 수정 시간: 29 5월 2026
다른 Dell 사용자에게 질문에 대한 답변 찾기
지원 서비스
디바이스에 지원 서비스가 적용되는지 확인하십시오.