Cyber Posture

CVE-2026-26362

High

Published: 19 February 2026

Modified: 20 February 2026
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.0009 (25.8th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-26362 is a high-severity Relative Path Traversal (CWE-23) vulnerability in Dell Unisphere for PowerMax. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 25.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Validates the integrity of user-supplied relative path inputs to prevent traversal beyond intended directories, blocking unauthorized modification of critical system files.

prevent

Enforces approved access authorizations for logical access to system resources, preventing low-privileged remote attackers from modifying critical files.

prevent

Applies the principle of least privilege to ensure low-privileged users cannot perform modifications on critical system files even if path traversal is attempted.

MITRE ATT&CK Enterprise Techniques · AI

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003 · Web Shell · Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.

T1565.001 · Stored Data Manipulation · Impact
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.

Why these techniques?

A remote path traversal write in a web management application (Unisphere) directly enables exploitation of a public-facing application (T1190) and stored data manipulation through critical file modification (T1565.001). An arbitrary file write in a web context also facilitates web shell deployment (T1505.003).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized modification of critical system files.

Deeper analysis · AI

CVE-2026-26362 is a Relative Path Traversal vulnerability (CWE-23) in Dell Unisphere for PowerMax, specifically affecting version 10.2. Published on 2026-02-19T09:16:26.070, the flaw allows potential exploitation leading to unauthorized modification of critical system files. It carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H), indicating high severity due to network accessibility, low attack complexity, and significant impacts on integrity and availability.

A low-privileged attacker with remote access can exploit this vulnerability. Successful exploitation enables unauthorized modification of critical system files, resulting in high integrity and availability impacts without affecting confidentiality or requiring user interaction.

Dell's security advisory DSA-2026-102, documented at https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities, addresses this vulnerability along with others in Unisphere for PowerMax and PowerMax EEM, providing relevant security updates.

Details

CWE(s)

Affected Products

dell · unisphere for powermax · ≤ 10.3.0.1

CVEs Like This One

CVE-2026-26359 · Same product: Dell Unisphere for PowerMax
CVE-2026-26360 · Same product: Dell Unisphere for PowerMax
CVE-2026-26358 · Same product: Dell Unisphere for PowerMax
CVE-2025-36589 · Same product: Dell Unisphere for PowerMax
CVE-2025-36588 · Same product: Dell Unisphere for PowerMax
CVE-2026-22766 · Same vendor: Dell
CVE-2026-26944 · Same vendor: Dell
CVE-2026-28265 · Same vendor: Dell
CVE-2026-22266 · Same vendor: Dell
CVE-2025-26336 · Same vendor: Dell
