Cyber Resilience

CVE-2026-26358

High

Published: 19 February 2026

Published
19 February 2026
Modified
20 February 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0037 28.5th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-26358 is a high-severity Missing Authorization (CWE-862) vulnerability in Dell Unisphere For Powermax. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 28.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-24 (Access Control Decisions) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2026-26358 is a Missing Authorization vulnerability (CWE-862) affecting Dell Unisphere for PowerMax in version 10.2. Published on 2026-02-19, it enables unauthorized access and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting high severity due to its network accessibility, low attack complexity, and potential for high impacts on confidentiality, integrity, and availability.

A low-privileged attacker with remote access can exploit this vulnerability to achieve unauthorized access to the affected system.

Dell's security advisory DSA-2026-102 addresses this issue along with multiple other vulnerabilities in Dell Unisphere for PowerMax and PowerMax EEM. Further details on patches and mitigations are available at https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Missing authorization (CWE-862) in network-accessible Unisphere management interface allows low-privileged remote attacker to perform unauthorized high-impact actions, directly mapping to exploitation of public-facing app for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-26359Same product: Dell Unisphere For Powermax
CVE-2026-26360Same product: Dell Unisphere For Powermax
CVE-2026-26362Same product: Dell Unisphere For Powermax
CVE-2026-32658Same vendor: Dell
CVE-2026-22765Same vendor: Dell
CVE-2025-36589Same product: Dell Unisphere For Powermax
CVE-2025-36588Same product: Dell Unisphere For Powermax
CVE-2026-23778Same vendor: Dell
CVE-2026-23776Same vendor: Dell
CVE-2025-2110Shared CWE-862

Affected Assets

dell
unisphere for powermax
≤ 10.3.0.1 · ≤ 10.3.0.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations for logical access to information and system resources, directly countering the missing authorization exploited by low-privileged remote attackers in Dell Unisphere for PowerMax.

prevent

Provides capability for access control decisions on system resources by defined personnel or roles, addressing the core missing authorization mechanism in this vulnerability.

prevent

Employs least privilege to restrict low-privileged accounts from unnecessary access, reducing the scope of unauthorized actions possible via the flawed authorization.

References