CVE-2026-26358
Published: 19 February 2026
Summary
CVE-2026-26358 is a high-severity Missing Authorization (CWE-862) vulnerability in Dell Unisphere For Powermax. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 28.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-24 (Access Control Decisions) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2026-26358 is a Missing Authorization vulnerability (CWE-862) affecting Dell Unisphere for PowerMax in version 10.2. Published on 2026-02-19, it enables unauthorized access and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting high severity due to its network accessibility, low attack complexity, and potential for high impacts on confidentiality, integrity, and availability.
A low-privileged attacker with remote access can exploit this vulnerability to achieve unauthorized access to the affected system.
Dell's security advisory DSA-2026-102 addresses this issue along with multiple other vulnerabilities in Dell Unisphere for PowerMax and PowerMax EEM. Further details on patches and mitigations are available at https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-8012
Vulnerability details
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Missing authorization (CWE-862) in network-accessible Unisphere management interface allows low-privileged remote attacker to perform unauthorized high-impact actions, directly mapping to exploitation of public-facing app for privilege escalation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Enforces approved authorizations for logical access to information and system resources, directly countering the missing authorization exploited by low-privileged remote attackers in Dell Unisphere for PowerMax.
Provides capability for access control decisions on system resources by defined personnel or roles, addressing the core missing authorization mechanism in this vulnerability.
Employs least privilege to restrict low-privileged accounts from unnecessary access, reducing the scope of unauthorized actions possible via the flawed authorization.