{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28265", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2026-02-25T18:04:25.462Z", "datePublished": "2026-04-01T07:41:28.180Z", "dateUpdated": "2026-04-01T13:10:14.638Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-04-01T07:41:28.180Z"}, "datePublic": "2026-03-25T06:30:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-35", "description": "CWE-35: Path Traversal", "type": "CWE"}]}], "affected": [{"vendor": "Dell", "product": "PowerStore", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0.0-2692403 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "PowerStore 500T", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0.0-2692403 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "PowerStore 1000T", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0.0-2692403 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "PowerStore 1200T", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0.0-2692403 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "PowerStore 3000T", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0.0-2692403 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "PowerStore 3200Q", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0.0-2692403 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "PowerStore 3200T", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0.0-2692403 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "PowerStore 5000T", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0.0-2692403 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "PowerStore 5200Q", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0.0-2692403 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "PowerStore 5200T", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0.0-2692403 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "PowerStore 7000T", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0.0-2692403 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "PowerStore 9000T", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0.0-2692403 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "PowerStore 9200T", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0.0-2692403 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files."}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000444169/dsa-2026-157-dell-powerstore-t-security-update-for-multiple-vulnerabilities"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseSeverity": "MEDIUM", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T13:10:06.196625Z", "id": "CVE-2026-28265", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T13:10:14.638Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28265", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-01T13:10:06.196625Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T13:10:11.069Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "PowerStore", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0.0-2692403 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "PowerStore 500T", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0.0-2692403 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "PowerStore 1000T", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0.0-2692403 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "PowerStore 1200T", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0.0-2692403 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "PowerStore 3000T", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0.0-2692403 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "PowerStore 3200Q", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0.0-2692403 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "PowerStore 3200T", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0.0-2692403 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "PowerStore 5000T", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0.0-2692403 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "PowerStore 5200Q", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0.0-2692403 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "PowerStore 5200T", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0.0-2692403 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "PowerStore 7000T", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0.0-2692403 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "PowerStore 9000T", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0.0-2692403 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "PowerStore 9200T", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0.0-2692403 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2026-03-25T06:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000444169/dsa-2026-157-dell-powerstore-t-security-update-for-multiple-vulnerabilities"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.", "supportingMedia": [{"type": "text/html", "value": "PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-35", "description": "CWE-35: Path Traversal"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-04-01T07:41:28.180Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28265", "state": "PUBLISHED", "dateUpdated": "2026-04-01T13:10:14.638Z", "dateReserved": "2026-02-25T18:04:25.462Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2026-04-01T07:41:28.180Z", "assignerShortName": "dell"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:powerstoreos:*:*:*:*:*:*:*:*", "matchCriteriaId": "6ACE53EA-9063-407A-BA59-B18F4362A201", "versionEndExcluding": "4.4.0.0-2692403", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:powerstore_1000t:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD5BE2B0-BB56-4E6C-8818-26910B23CE31", "vulnerable": false}, {"criteria": "cpe:2.3:h:dell:powerstore_1200t:-:*:*:*:*:*:*:*", "matchCriteriaId": "AB965674-7EBA-437E-A13B-39BC3F3FE139", "vulnerable": false}, {"criteria": "cpe:2.3:h:dell:powerstore_3000t:-:*:*:*:*:*:*:*", "matchCriteriaId": "861B5BE7-159A-41FF-9658-D243051CAC88", "vulnerable": false}, {"criteria": "cpe:2.3:h:dell:powerstore_3200q:-:*:*:*:*:*:*:*", "matchCriteriaId": "8456D5B0-3D6A-4020-B693-D949EE2BA12E", "vulnerable": false}, {"criteria": "cpe:2.3:h:dell:powerstore_3200t:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0A29ED1-5CE6-4D49-A079-7F4E6D782DE1", "vulnerable": false}, {"criteria": "cpe:2.3:h:dell:powerstore_5000t:-:*:*:*:*:*:*:*", "matchCriteriaId": "2D5EE934-AD08-4C2B-B3EA-878975EE825E", "vulnerable": false}, {"criteria": "cpe:2.3:h:dell:powerstore_500t:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B529671-71A1-428C-BC17-C8E002222FEA", "vulnerable": false}, {"criteria": "cpe:2.3:h:dell:powerstore_5200q:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7CD86DB-77F8-45C8-848C-DD9DE9DA966D", "vulnerable": false}, {"criteria": "cpe:2.3:h:dell:powerstore_5200t:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0FCFFD4-A989-4AF3-99DF-32AE2547D9C1", "vulnerable": false}, {"criteria": "cpe:2.3:h:dell:powerstore_7000t:-:*:*:*:*:*:*:*", "matchCriteriaId": "37E8CD6E-65F4-48A0-B796-93E4EE51BD06", "vulnerable": false}, {"criteria": "cpe:2.3:h:dell:powerstore_9000t:-:*:*:*:*:*:*:*", "matchCriteriaId": "D9BB1B88-C9C0-4B08-84C6-279C79E34CD3", "vulnerable": false}, {"criteria": "cpe:2.3:h:dell:powerstore_9200t:-:*:*:*:*:*:*:*", "matchCriteriaId": "F90EFCBC-F720-4426-8043-EB1489820C22", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files."}], "id": "CVE-2026-28265", "lastModified": "2026-04-02T20:43:17.370", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "security_alert@emc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-01T08:16:05.490", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000444169/dsa-2026-157-dell-powerstore-t-security-update-for-multiple-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-35"}], "source": "security_alert@emc.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-01T09:20:44.013940+00:00", "value": {"mitigation_remediation": ["Apply the Dell-provided security update as detailed in the Dell KB link (https://www.dell.com/support/kbdoc/en-us/000444169/dsa-2026-157-dell-powerstore-t-security-update-for-multiple-vulnerabilities)"], "summary": {"action": "Apply Patch", "impact": "Local file modification via path traversal"}, "threat_synthesis": {"affected_systems": "Dell PowerStore storage systems, including all models listed by Dell \u2013 1000T, 1200T, 3000T, 3200Q, 3200T, 5000T, 500T, 5200Q, 5200T, 7000T, 9000T and 9200T. No specific firmware or software version information is provided in the advisory.", "description_and_impact": "PowerStore includes a path traversal flaw that affects the Service user. A local attacker with low privileges can navigate beyond intended directories and overwrite arbitrary system files. This vulnerability is identified as CWE-35 and can compromise data integrity by allowing modification of critical configuration or executable files.", "risk_and_exploitability": "The CVSS base score of 4.4 places this vulnerability in the medium severity range. EPSS information is unavailable and it is not listed in the CISA Known Exploit Vulnerabilities catalog. The attack requires local, low\u2011privilege access to the Service user account, so the vector is limited to systems physically or otherwise locally accessible. Exploitation could allow an attacker to alter system files, potentially leading to unauthorized configuration changes or execution of malicious code if critical files are modified. Given the local nature and lack of remote accessibility, widespread impact is unlikely, but the modification of system files can still have severe operational consequences."}}}}, "created": "2026-04-02T07:49:45.963595+00:00", "title": "Path Traversal in Dell PowerStore Service User Allows Local File Modification", "updated": "2026-04-02T07:49:45.963623+00:00", "vendors": []}