PT-2026-57159 · Dell · Unisphere For Powermax
Published
2026-07-10
·
Updated
2026-07-10
·
CVE-2026-54469
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Dell Unisphere for PowerMax versions prior to 10.3.0.7
Description
Dell Unisphere for PowerMax contains a deserialization of untrusted data flaw. A low-privileged attacker with remote access can exploit this issue to achieve arbitrary command execution with root privileges on the management console. Because the software manages enterprise PowerMax storage arrays, root-level code execution on the console has a high impact on the entire storage fabric it controls. This exploitation requires only a low-privileged authenticated account and no user interaction.
Recommendations
Upgrade to version 10.3.0.7 or later.
Upgrade to version 10.3.1.1 Patch 11360 or later.
Fix
RCE
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Unisphere For Powermax