Dell

Dell released security advisories in May 2026 to address vulnerabilities in PowerEdge Server Chipset Driver, Data Lakehouse, Dell Enterprise SONiC Distribution, and Dell Unity/UnityVSA/Unity XT.

Dell PowerFlex Manager versions 4.6.2 and earlier contain an Incorrect Privilege Assignment vulnerability (CVE-2025-32747) that allows a low-privileged attacker with local access to elevate privileges.

Dell PowerFlex Manager versions 4.6.2 and prior contains an open redirect vulnerability (CVE-2025-26483) that allows an unauthenticated attacker to redirect a targeted user to an arbitrary web URL, potentially enabling phishing attacks.

Dell published security advisories between May 11 and 17, 2026, addressing vulnerabilities in Dell Enterprise Sonic Distribution, Dell Live Optics Collector, Intel 800 Series Ethernet Adapters, Dell PowerEdge with AMD Graphics, and PowerScale InsightIQ, prompting users to apply necessary updates.

Dell published security advisories addressing vulnerabilities in APEX Cloud Platform, Automation Platform, Command | Monitor, CyberSense, NativeEdge Orchestrator, SmartFabric Manager, iDRAC, Disk Library, and PowerProtect Cyber Recovery, requiring users to apply necessary updates.

A local attacker can exploit a vulnerability in Dell computers to execute arbitrary code.

Dell published security advisories addressing vulnerabilities in Dell Networking OS10, Dell Storage Monitoring and Reporting, Dell Storage Resource Manager, and Dell VxRail Appliance, urging users to apply necessary updates.

Multiple vulnerabilities in Dell PowerProtect Data Domain OS allow an attacker to execute arbitrary code with root privileges, escalate privileges to administrator, bypass security measures, manipulate data, disclose sensitive information, or conduct unspecified attacks.

Dell PowerProtect Data Domain versions 7.7.1.0 through 8.5, 8.3.1.0 through 8.3.1.20, and 7.13.1.0 through 7.13.1.60, contain an improper certificate validation vulnerability in certificate-based login, potentially leading to privilege escalation.

A local attacker can exploit a vulnerability in Dell Storage Manager to escalate their privileges on the system.

A command injection vulnerability in Dell PowerProtect Data Domain (CVE-2026-23778) could allow a remote, high-privileged attacker to gain root-level access.

Dell PowerProtect Data Domain BoostFS versions 7.7.1.0 through 8.5, 8.3.1.0 through 8.3.1.20, and 7.13.1.0 through 7.13.1.50 are vulnerable to an insufficiently protected credentials vulnerability, allowing a low-privileged attacker with local access to expose credentials and potentially gain elevated privileges.

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions 7.7.1.0 through 8.5, 8.3.1.0 through 8.3.1.20, and 7.13.1.0 through 7.13.1.50, contain a use of weak credentials vulnerability (CVE-2026-23853) that can lead to unauthorized access by a local attacker.

Dell AppSync version 4.6.0 is vulnerable to a UNIX Symbolic Link (Symlink) Following vulnerability (CVE-2026-22767) that allows a low-privileged local attacker to tamper with information.

Dell AppSync version 4.6.0 contains an incorrect permission assignment vulnerability that allows a low-privileged attacker with local access to elevate privileges on the system.