CVE-2026-28265PATCHED

dell · powerstore

CVE-2026-28265: PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access cou

Description

PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.

Affected Products

Vendor	Product	Versions
dell	powerstore	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0

References

https://www.dell.com/support/kbdoc/en-us/000444169/dsa-2026-157-dell-powerstore-t-security-update-for-multiple-vulnerabilities

Related News (1 articles)

Tier C

VulDB7h ago

CVE-2026-28265 | Dell PowerStore path traversal (dsa-2026-157)

→ No new info (linked only)

CVSS 3.14.4 MEDIUM

VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CISA KEV❌ No

Actively exploited❌ No

Patch available

4.4.0.0-2692403 or later

CWECWE-35

PublishedApr 1, 2026

Last enriched6h agov2

Trending Score23

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-22768

CVE-2026-22768: Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low

Trending: 32

HIGHCVE-2026-22767

CVE-2026-22767: Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged att

Trending: 27

MEDIUMCVE-2026-22764

Dell OpenManage Network Integration, versions prior to 3.9, contains an Improper Authentication vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability

HIGHCVE-2025-36589

Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially explo

MEDIUMCVE-2026-24510

Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vu

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 1, 2026

Discovered by ZDM

Apr 1, 2026

Updated: affectedVersions, severity

Apr 1, 2026

Patch Available

Apr 1, 2026

Version History

Last enriched 6h ago

v2Tier C6h ago

Updated affected versions to include specific PowerStore models and changed severity to HIGH.

affectedVersionsseverity

via VulDB

v17h ago

Initial creation