CVE-2026-35065
Undergoing Analysis Undergoing Analysis - In Progress
Missing Authentication in Dell PowerFlex Manager

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Dell

Description
Dell PowerFlex Manager, version(s) [Versions], contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Code execution, Denial of service, Information disclosure, Information tampering, Remote execution, Script injection, and Unauthorized access.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-17
Last Modified
2026-06-17
Generated
2026-06-17
AI Q&A
2026-06-17
EPSS Evaluated
N/A
NVD
CVE-2026-35065
EUVD
EUVD-2026-37733
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dell powerflex_manager *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability in Dell PowerFlex Manager allows unauthenticated attackers with adjacent network access to perform critical unauthorized actions such as code execution, denial of service, information disclosure, information tampering, remote execution, script injection, and unauthorized access.

Such security weaknesses can lead to breaches of confidentiality, integrity, and availability of sensitive data, which are core concerns of compliance standards like GDPR and HIPAA.

Therefore, exploitation of this vulnerability could result in non-compliance with these regulations due to potential unauthorized access and disclosure of protected data.

Executive Summary

This vulnerability exists in Dell PowerFlex Manager and is classified as a Missing Authentication for Critical Function. It allows an unauthenticated attacker who has adjacent network access to exploit the system.

Exploitation of this vulnerability can lead to several severe impacts including code execution, denial of service, information disclosure, information tampering, remote execution, script injection, and unauthorized access.

Impact Analysis

If exploited, this vulnerability can have serious consequences such as:

  • Code execution by an attacker, potentially allowing control over the affected system.
  • Denial of service, which could disrupt availability of the service.
  • Information disclosure, exposing sensitive data.
  • Information tampering, allowing unauthorized modification of data.
  • Remote execution and script injection, enabling attackers to run malicious code remotely.
  • Unauthorized access, compromising system security.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-35065. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart