Zero Day MonitorZDM

← Back to list

6.4

CVE-2026-35070PATCHED

dell · smartfabric storage software

CVE-2026-35070: Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used

Description

Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.

Affected Products

Vendor	Product	Versions
dell	smartfabric storage software	0

References

https://www.dell.com/support/kbdoc/en-us/000466942/dsa-2026-235-security-update-for-dell-networking-smartfabric-storage-software-vulnerabilities(vendor-advisory)

Related News (2 articles)

Tier B

CCCS Canada14d ago

Dell security advisory (AV26-504)

→ No new info (linked only)

Tier C

VulDB19d ago

CVE-2026-35070 | Dell SmartFabric Storage Software up to 1.4.4 command injection (dsa-2026-235)

→ No new info (linked only)

CVSS 3.16.4 MEDIUM

VectorCVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

1.4.5 or later

CWECWE-77

PublishedMay 20, 2026

Last enriched19d agov2

Trending Score8

Source articles2

Independent2

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2025-46638

CVE-2025-46638: Dell BSAFE SSL-J contains an allocation of resources without limits or throttling vulnerability. An unauthenticated remo

Multiple Vulnerabilities in Dell Products Including Dell Private Cloud, PowerSwitch Z9864F-ON, Dell Automation Platform, and Dell VxRail Appliance

MEDIUMCVE-2026-40713EXP

CVE-2026-40713: Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access control vulnerability. An unauthenti

HIGHCVE-2026-40715

CVE-2026-40715: Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access Control vulnerability. A low privile

NONECVE-2026-9489EXP

NitroSense V3: Local Privilege Escalation (LPE) vulnerability

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 20, 2026

Discovered by ZDM

May 20, 2026

Updated: severity, affectedVersions

May 20, 2026

Patch Available

May 21, 2026

Version History

v2

Last enriched 19d ago

v2Tier C19d ago

Updated severity to CRITICAL and affected versions to include 1.4.4.

severityaffectedVersions

via VulDB

v119d ago

Initial creation