DSA-2026-259: Security Update for Dell Container Storage Modules Multiple Vulnerabilities

摘要: Dell Container Storage Modules remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

本文适用于 本文不适用于 本文并非针对某种特定的产品。 本文并非包含所有产品版本。
查看其他资源

影响

Critical

详情

Third-party Component CVEs More Information
sudo CVE-2025-32462
https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
gnupg2 CVE-2025-68973
https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
pam CVE-2024-10963, CVE-2025-6020, CVE-2025-8941
https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
sqlite CVE-2025-6965
https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
openssh CVE-2026-3497
https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
python3.9 CVE-2024-12718,CVE-2025-4517, CVE-2026-4519, CVE-2025-4138, CVE-2023-6597
https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
vim CVE-2026-28417,CVE-2026-33412, CVE-2026-28421
https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
curl CVE-2025-9086 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
glib2 CVE-2025-13601 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
openssl CVE-2025-69421, CVE-2025-69418, CVE-2026-22796, CVE-2025-15469, CVE-2026-22795, CVE-2024-12797, CVE-2025-15467, CVE-2025-68160, CVE-2025-11187, CVE-2025-15468, CVE-2025-69420, CVE-2025-66199, CVE-2025-69419, CVE-2025-9230 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
libarchive CVE-2025-5914, CVE-2026-4111 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
libxml2 CVE-2025-7425, CVE-2025-24928, CVE-2025-49796, CVE-2025-49794, CVE-2024-56171 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
expat CVE-2025-59375 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
python-urllib3 CVE-2025-66471, CVE-2026-21441, CVE-2025-66418 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
python-setuptools CVE-2024-6345 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
krb5 CVE-2024-3596 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
glibc CVE-2026-0915, CVE-2026-0861, CVE-2025-15281 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
systemd CVE-2025-4598 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
nghttp2 CVE-2026-27135 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
google.golang.org/grpc CVE-2026-33186 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
brotli CVE-2025-6176 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
crypto/x509 CVE-2025-61729 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
net/url CVE-2025-61726, CVE-2026-25679 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2026-40711 Dell Dell Container Storage Modules, version(s) csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. 8.0
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2026-40711 Dell Dell Container Storage Modules, version(s) csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. 8.0
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies 建议所有客户考虑 CVSS 基本分数以及任何相关的时间和环境分数,这可能会影响与特定安全漏洞相关的潜在严重程度。

受影响的产品和补救措施

CVE ID(s) Product  Software/Firmware Affected Versions  Remediated Versions  Link
CVE-2026-40711 Dell Container Storage Modules CSI Driver for Dell PowerFlex Versions 2.15.0 through 2.15.1 Version 2.15.2 or later

quay.io/dell/container-storage-modules/csi-vxflexos This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-40711 Dell Container Storage Modules CSI Driver for Dell PowerFlex Versions prior to 2.17.0 Version 2.17.0 or later

quay.io/dell/container-storage-modules/csi-vxflexos 

This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-40711 Dell Container Storage Modules CSI Driver for Dell PowerStore Versions prior to 2.17.0 Version 2.17.0 or later quay.io/dell/container-storage-modules/csi-powerstore 

This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-40711 Dell Container Storage Modules CSI Driver for Dell Unity XT Versions prior to 2.17.0 Version 2.17.0 or later quay.io/dell/container-storage-modules/csi-unity

This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-40711 Dell Container Storage Modules CSI Driver for Dell PowerMax Versions prior to 2.17.0 Version 2.17.0 or later quay.io/dell/container-storage-modules/csi-powermax 

This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-12718, CVE-2026-28417, CVE-2025-32462, CVE-2025-68973, CVE-2025-13601, CVE-2025-69421, CVE-2025-69418, CVE-2024-10963, CVE-2025-9086, CVE-2025-4598, CVE-2025-4517, CVE-2026-4519, CVE-2025-6965, CVE-2026-33412, CVE-2026-3497, CVE-2025-15469, CVE-2026-22795, CVE-2025-49796, CVE-2025-49794, CVE-2026-21441, CVE-2025-66418, CVE-2026-22796, CVE-2024-56171, CVE-2024-12797, CVE-2025-4138, CVE-2025-59375, CVE-2025-15467, CVE-2025-68160, CVE-2025-66471, CVE-2023-6597, CVE-2025-11187, CVE-2026-0861, CVE-2025-6020, CVE-2025-24928, CVE-2026-28421, CVE-2025-15468, CVE-2026-0915, CVE-2025-8941, CVE-2024-6345, CVE-2024-3596, CVE-2025-69420, CVE-2025-15281, CVE-2026-27135, CVE-2025-66199, CVE-2025-7425, CVE-2025-69419, CVE-2025-5914, CVE-2025-9230, CVE-2026-4111, CVE-2026-33186, CVE-2025-6176, CVE-2025-61729, CVE-2025-61726, CVE-2026-25679 Dell Container Storage Modules csi-powerflex Versions prior to 1.15.2 Version 1.15.2 and later

quay.io/dell/container-storage-modules/csi-vxflexos 

This hyperlink is taking you to a website outside of Dell Technologies.
CVE ID(s) Product  Software/Firmware Affected Versions  Remediated Versions  Link
CVE-2026-40711 Dell Container Storage Modules CSI Driver for Dell PowerFlex Versions 2.15.0 through 2.15.1 Version 2.15.2 or later

quay.io/dell/container-storage-modules/csi-vxflexos This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-40711 Dell Container Storage Modules CSI Driver for Dell PowerFlex Versions prior to 2.17.0 Version 2.17.0 or later

quay.io/dell/container-storage-modules/csi-vxflexos 

This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-40711 Dell Container Storage Modules CSI Driver for Dell PowerStore Versions prior to 2.17.0 Version 2.17.0 or later quay.io/dell/container-storage-modules/csi-powerstore 

This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-40711 Dell Container Storage Modules CSI Driver for Dell Unity XT Versions prior to 2.17.0 Version 2.17.0 or later quay.io/dell/container-storage-modules/csi-unity

This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-40711 Dell Container Storage Modules CSI Driver for Dell PowerMax Versions prior to 2.17.0 Version 2.17.0 or later quay.io/dell/container-storage-modules/csi-powermax 

This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-12718, CVE-2026-28417, CVE-2025-32462, CVE-2025-68973, CVE-2025-13601, CVE-2025-69421, CVE-2025-69418, CVE-2024-10963, CVE-2025-9086, CVE-2025-4598, CVE-2025-4517, CVE-2026-4519, CVE-2025-6965, CVE-2026-33412, CVE-2026-3497, CVE-2025-15469, CVE-2026-22795, CVE-2025-49796, CVE-2025-49794, CVE-2026-21441, CVE-2025-66418, CVE-2026-22796, CVE-2024-56171, CVE-2024-12797, CVE-2025-4138, CVE-2025-59375, CVE-2025-15467, CVE-2025-68160, CVE-2025-66471, CVE-2023-6597, CVE-2025-11187, CVE-2026-0861, CVE-2025-6020, CVE-2025-24928, CVE-2026-28421, CVE-2025-15468, CVE-2026-0915, CVE-2025-8941, CVE-2024-6345, CVE-2024-3596, CVE-2025-69420, CVE-2025-15281, CVE-2026-27135, CVE-2025-66199, CVE-2025-7425, CVE-2025-69419, CVE-2025-5914, CVE-2025-9230, CVE-2026-4111, CVE-2026-33186, CVE-2025-6176, CVE-2025-61729, CVE-2025-61726, CVE-2026-25679 Dell Container Storage Modules csi-powerflex Versions prior to 1.15.2 Version 1.15.2 and later

quay.io/dell/container-storage-modules/csi-vxflexos 

This hyperlink is taking you to a website outside of Dell Technologies.

修订历史记录

RevisionDateDescription
1.02026-06-18Initial release

相关信息

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

法律免责声明

受影响的产品

Container Storage Modules Family, Container Storage Modules
文章属性
文章编号: 000478300
文章类型: Dell Security Advisory
上次修改时间: 18 6月 2026
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。