
CVE-2026-26360: CWE-73: External Control of File Name or Path in Dell Unisphere for PowerMax

Severity: High
Type: Vulnerability
Tags: cve, cve-2026-26360, cwe-73
Published: Thu Feb 19 2026 (02/19/2026, 08:41:00 UTC)
Source: CVE Database V5
Vendor/Project: Dell
Product: Unisphere for PowerMax

Description

Dell Unisphere for PowerMax version 10.2 contains an External Control of File Name or Path vulnerability. A low-privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files.

AI-Powered Analysis

Last updated: 02/19/2026, 09:10:36 UTC

Technical Analysis

CVE-2026-26360 is classified under CWE-73 (External Control of File Name or Path) and affects Dell Unisphere for PowerMax version 10.2. A remote attacker with low privileges can supply file names or paths that the application then acts on, which allows deletion of arbitrary files on the system. The flaw arises because the software does not properly validate or restrict user-supplied input that controls file paths. The attack vector is network-based (AV:N), attack complexity is low (AC:L), and exploitation requires only low privileges (PR:L) and no user interaction (UI:N). The impact on confidentiality is minimal, but the impact on integrity and availability is high: critical files can be deleted, potentially causing system instability or data loss. No public exploits are known at this time; the CVSS 3.1 base score of 8.1 reflects the significant risk posed by this vulnerability. Dell has not yet published patches, so organizations must rely on compensating controls until updates are available. The vulnerability is particularly concerning where Dell PowerMax storage arrays manage critical data, since deleted files could disrupt storage management operations and data availability.
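An added illustration of the validation that CWE-73 describes as missing: a delete routine that canonicalizes the requested name and refuses anything resolving outside one allowed directory. This is not Dell's code or code from this page; the function names and the `exports` / `system.cfg` tree are constructed for the demo.

```python
import os
import tempfile


class PathRejected(Exception):
    """The requested name resolves outside the allowed directory."""


def resolve_inside(base_dir: str, user_name: str) -> str:
    """Return the canonical path for user_name, or raise if it escapes base_dir."""
    base = os.path.realpath(base_dir)
    # realpath collapses ".." segments and follows symlinks, so the check is
    # made on the path the OS would act on. os.path.join discards base when
    # user_name is absolute, which is why the joined path is re-checked.
    candidate = os.path.realpath(os.path.join(base, user_name))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise PathRejected(user_name)
    return candidate


def delete_checked(base_dir: str, user_name: str) -> str:
    """Delete a file only if it lives under base_dir; return the path removed."""
    target = resolve_inside(base_dir, user_name)
    os.remove(target)
    return target


def demo() -> dict:
    """Run constructed inputs against delete_checked in a throwaway tree."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "exports")          # hypothetical allowed dir
        outside = os.path.join(root, "system.cfg")    # file that must survive
        os.mkdir(base)
        for path in (outside, os.path.join(base, "report.csv")):
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        os.symlink(outside, os.path.join(base, "link.csv"))
        cases = (("plain", "report.csv"), ("parent", "../system.cfg"),
                 ("absolute", outside), ("symlink", "link.csv"), ("empty", ""))
        for label, name in cases:
            try:
                delete_checked(base, name)
                results[label] = "deleted"
            except PathRejected:
                results[label] = "rejected"
        results["outside_intact"] = os.path.exists(outside)
    return results
```

The check and the delete are separate system calls, so this guards against externally supplied names, not against a local user who can modify the directory between the two steps.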

Potential Impact

For European organizations, the impact of CVE-2026-26360 can be severe, especially in industries such as finance, healthcare, telecommunications, and government where Dell PowerMax storage solutions are deployed. Exploitation could lead to deletion of critical configuration or operational files, resulting in degraded storage management capabilities, data unavailability, or service outages. This could cause significant operational disruption, financial loss, and reputational damage. The vulnerability's ability to be exploited remotely by low-privileged attackers increases the attack surface, especially in environments where network access controls are insufficient. Given the high reliance on data integrity and availability in European enterprises, this vulnerability poses a substantial risk to business continuity and compliance with data protection regulations such as GDPR if data loss or service disruption occurs.

Mitigation Recommendations

1. Monitor Dell’s official security advisories closely and apply patches or updates for Unisphere for PowerMax as soon as they become available.
2. Restrict network access to the Unisphere management interface to trusted administrative networks only, using firewalls and network segmentation.
3. Implement strict access controls and least privilege principles for users accessing the Unisphere system to minimize the risk from low-privileged attackers.
4. Enable detailed logging and continuous monitoring of file operations and administrative actions within Unisphere to detect suspicious activities promptly.
5. Conduct regular backups of configuration and critical files managed by Unisphere to enable recovery in case of file deletion.
6. Consider deploying intrusion detection/prevention systems (IDS/IPS) to identify and block exploitation attempts targeting this vulnerability.
7. Educate system administrators about the risks and signs of exploitation related to this vulnerability to enhance incident response readiness.


Technical Details

Data Version: 5.2
Assigner Short Name: dell
Date Reserved: 2026-02-13T18:05:27.826Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 6996d0406aea4a407a4bdbf7

Added to database: 2/19/2026, 8:56:32 AM

Last enriched: 2/19/2026, 9:10:36 AM

Last updated: 2/19/2026, 8:11:53 PM
