CVE-2026-28265
Received
Received - Intake
Path Traversal in PowerStore Service Allows Arbitrary File Modification
Publication date: 2026-04-01
Last updated on: 2026-04-02
Assigner: Dell
Description
Description
PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | powerstoreos | to 4.4.0.0-2692403 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
| CWE-35 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Path Traversal issue found in the PowerStore Service user. It allows a low privileged attacker who has local access to the system to potentially exploit the vulnerability and modify arbitrary system files.
How can this vulnerability impact me? :
Exploitation of this vulnerability could allow an attacker with limited privileges and local access to modify system files. This could lead to unauthorized changes in the system, potentially affecting system integrity and availability.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70