CVE-2026-26360
📋 TL;DR
Dell Unisphere for PowerMax version 10.2 contains a path traversal vulnerability that allows low-privileged remote attackers to delete arbitrary files. This affects organizations using Dell's PowerMax storage management software. Attackers could potentially disrupt operations by deleting critical system files.
💻 Affected Systems
- Dell Unisphere for PowerMax
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through deletion of critical operating system files, leading to service disruption, data loss, or system unavailability.
Likely Case
Disruption of PowerMax management functions by deleting configuration files, logs, or application data, potentially causing operational downtime.
If Mitigated
Limited impact if proper network segmentation and access controls prevent low-privileged users from reaching vulnerable interfaces.
🎯 Exploit Status
Exploitation requires low-privileged credentials, but path traversal vulnerabilities are typically straightforward to exploit once identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to version specified in DSA-2026-102
Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities
Restart Required: Yes
Instructions:
1. Review Dell Security Advisory DSA-2026-102.
2. Download the appropriate patch from Dell Support.
3. Apply the patch following Dell's installation instructions.
4. Restart Unisphere services as required.
🔧 Temporary Workarounds
Network Segmentation
all: Restrict access to the Unisphere management interface to trusted networks only
Access Control
all: Implement strict access controls and limit low-privileged user access to management interfaces
🧯 If You Can't Patch
- Implement network segmentation to isolate Unisphere management interfaces from untrusted networks
- Apply strict access controls and monitor for suspicious file deletion activities
🔍 How to Verify
Check if Vulnerable:
Check Unisphere version via web interface or system logs. Version 10.2 is vulnerable.
Check Version:
Check via Unisphere web interface or consult Dell documentation for version checking commands
Verify Fix Applied:
Verify version has been updated beyond 10.2 per Dell's patch documentation
📡 Detection & Monitoring
Log Indicators:
- Unusual file deletion events in system logs
- Failed file access attempts with path traversal patterns
- Multiple delete operations from single low-privileged accounts
Network Indicators:
- HTTP requests containing path traversal sequences (../, ..\) to Unisphere endpoints
- Unusual delete operations from management interfaces
SIEM Query:
source="unisphere" AND (event_type="file_delete" OR http_uri="*../*")
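The `*../*` pattern in the query above matches only the literal sequence, so percent-encoded or backslash forms pass unless the log source stores decoded URIs. The following is an added example, not Dell's or this page's own tooling: it decodes each URI before matching and also counts delete requests per account. The log line format, the `/example/` paths, the account names and the threshold are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample lines in an assumed format: ip user "METHOD uri" status
SAMPLE_LOG = """\
10.0.5.21 monitor1 "GET /example/reports/daily.csv" 200
10.0.5.21 monitor1 "DELETE /example/files?name=..%2f..%2fconf%2fapp.xml" 200
10.0.5.21 monitor1 "DELETE /example/files?name=%252e%252e%255cdata%255cx.db" 200
10.0.5.21 monitor1 "DELETE /example/files?name=old-report.csv" 200
10.0.7.40 admin "DELETE /example/files?name=tmp1.csv" 200
10.0.9.12 viewer2 "GET /example/help/a..b/index.html" 200
"""

LINE_RE = re.compile(r'^(\S+) (\S+) "(\S+) (\S+)" (\d{3})$')
# ".." only counts when it is a whole path segment, so "a..b" is not flagged.
TRAVERSAL = re.compile(r'(^|[/=&?])\.\.(/|$)')


def normalize(uri, rounds=3):
    """Undo up to `rounds` layers of percent-encoding and unify separators."""
    for _ in range(rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri.replace("\\", "/")


def scan(log_text, delete_threshold=3):
    """Return (traversal hits, accounts with >= delete_threshold DELETEs)."""
    traversal, deletes = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        _ip, user, method, uri, _status = m.groups()
        if TRAVERSAL.search(normalize(uri)):
            traversal.append((user, method, uri))
        if method == "DELETE":
            deletes[user] += 1
    noisy = sorted(u for u, n in deletes.items() if n >= delete_threshold)
    return traversal, noisy


if __name__ == "__main__":
    hits, noisy = scan(SAMPLE_LOG)
    for user, method, uri in hits:
        print(f"traversal pattern: user={user} {method} {uri}")
    print("accounts at or over delete threshold:", noisy)
```

Adapt `LINE_RE` to the fields your Unisphere or reverse-proxy logs actually carry before relying on the results.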