Cyber Resilience

CVE-2026-26362

High

Published: 19 February 2026

Modified: 20 February 2026
CVSS Score v3.1: 8.1 · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS Score: 0.0032 · 23.5th percentile
Risk Priority: 55 · floored blend · peak EPSS

Summary

CVE-2026-26362 is a high-severity Relative Path Traversal (CWE-23) vulnerability in Dell Unisphere for PowerMax. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 23.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-26362 is a Relative Path Traversal vulnerability (CWE-23) in Dell Unisphere for PowerMax, specifically affecting version 10.2. Published on 2026-02-19T09:16:26.070, the flaw allows potential exploitation leading to unauthorized modification of critical system files. It carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H), indicating high severity due to network accessibility, low attack complexity, and significant impacts on integrity and availability.

A low-privileged attacker with remote access can exploit this vulnerability. Successful exploitation enables unauthorized modification of critical system files, resulting in high integrity and availability impacts without affecting confidentiality or requiring user interaction.

Dell's security advisory DSA-2026-102, documented at https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities, addresses this vulnerability along with others in Unisphere for PowerMax and PowerMax EEM, providing relevant security updates.

Vulnerability details

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized modification of critical system files.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003 Web Shell · Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.

T1565.001 Stored Data Manipulation · Impact
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.

Why these techniques?

A remote path traversal write in a web management application (Unisphere) directly enables exploitation of a public-facing application (T1190) and stored data manipulation through modification of critical files (T1565.001); an arbitrary file write in a web context also facilitates web shell deployment (T1505.003).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-26359 · Same product: Dell Unisphere for PowerMax
CVE-2026-26360 · Same product: Dell Unisphere for PowerMax
CVE-2026-26358 · Same product: Dell Unisphere for PowerMax
CVE-2025-36588 · Same product: Dell Unisphere for PowerMax
CVE-2025-36589 · Same product: Dell Unisphere for PowerMax
CVE-2026-22766 · Same vendor: Dell
CVE-2025-26336 · Same vendor: Dell
CVE-2025-43728 · Same vendor: Dell
CVE-2026-28265 · Same vendor: Dell
CVE-2025-43995 · Same vendor: Dell

Affected Assets

dell · unisphere for powermax · ≤ 10.3.0.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Validates the integrity of user-supplied relative path inputs to prevent traversal beyond intended directories, blocking unauthorized modification of critical system files.

prevent

Enforces approved access authorizations for logical access to system resources, preventing low-privileged remote attackers from modifying critical files.

prevent

Applies the principle of least privilege to ensure low-privileged users cannot perform modifications on critical system files even if path traversal is attempted.
