CVE-2026-26361: CWE-73: External Control of File Name or Path in Dell Unisphere for PowerMax
Dell Unisphere for PowerMax version 10.2 contains an External Control of File Name or Path vulnerability. A low-privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.
AI Analysis
Technical Summary
CVE-2026-26361 is a vulnerability classified under CWE-73 (External Control of File Name or Path) found in Dell Unisphere for PowerMax, specifically version 10.2. This vulnerability allows a low-privileged attacker with remote network access to manipulate file paths or file names processed by the system. By exploiting this flaw, the attacker can cause unauthorized information disclosure, potentially accessing sensitive files or data that should be protected. The vulnerability does not require user interaction and does not impact system integrity or availability, but it does have a high confidentiality impact. The CVSS v3.1 score is 6.5, indicating a medium severity level. The attack vector is network-based with low attack complexity and requires low privileges, making it a realistic threat in environments where remote access to the management interface is possible. No patches or fixes have been published yet, and no known exploits have been observed in the wild. Dell Unisphere for PowerMax is storage management software used to control Dell PowerMax enterprise storage arrays, which are widely deployed in large organizations for critical data storage and management. The vulnerability arises from insufficient validation or sanitization of file path inputs, allowing external control over file names or paths used by the application. This can lead to unauthorized reading of files or directories, exposing sensitive information to attackers.
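The CWE-73 weakness class described above, shown as a generic illustration added here. It is not Dell's code, and the advisory does not publish the affected code path; the function names, directory layout and file names are hypothetical. The unvalidated join sits beside a contained resolver that also rejects absolute paths and symlinks pointing outside the served directory.

```python
import os
import tempfile
from pathlib import Path


class PathRejected(ValueError):
    """Raised when a client-supplied name would leave the allowed directory."""


def resolve_naive(base_dir: str, client_name: str) -> str:
    # CWE-73 pattern: the client-supplied name is joined without validation,
    # so "../" segments or an absolute path select files outside base_dir.
    return os.path.normpath(os.path.join(base_dir, client_name))


def resolve_contained(base_dir: str, client_name: str) -> Path:
    # Hardened form: canonicalise first (collapses "..", follows symlinks),
    # then require that the result is still inside the canonical base.
    if "\x00" in client_name:
        raise PathRejected("NUL byte in file name")
    base = Path(base_dir).resolve(strict=True)
    candidate = (base / client_name).resolve()
    if not candidate.is_relative_to(base):  # Python 3.9+
        raise PathRejected(f"{client_name!r} resolves outside {base}")
    if not candidate.is_file():
        raise PathRejected(f"{client_name!r} is not a regular file")
    return candidate


def demo() -> dict:
    # Constructed sample tree: reports/ is the only directory meant to be served.
    with tempfile.TemporaryDirectory() as root:
        reports = Path(root, "reports")
        reports.mkdir()
        (reports / "array.csv").write_text("ok")
        secret = Path(root, "secret.conf")
        secret.write_text("password=constructed")
        os.symlink(secret, reports / "link.csv")
        cases = [("plain", "array.csv"), ("dotdot", "../secret.conf"),
                 ("symlink", "link.csv"), ("absolute", str(secret))]
        results = {}
        for label, name in cases:
            try:
                resolve_contained(str(reports), name)
                results[label] = "served"
            except PathRejected:
                results[label] = "rejected"
        naive = resolve_naive(str(reports), "../secret.conf")
        results["naive_escapes"] = Path(naive) == secret
        return results
```

The containment check runs on the canonical path, after normalisation and symlink resolution, which is why it catches the symlink and absolute-path cases that a filter on the literal string `..` would miss.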
Potential Impact
For European organizations, the impact of this vulnerability can be significant, especially for those relying on Dell PowerMax storage solutions for critical data management. Unauthorized information disclosure could lead to exposure of sensitive corporate data, intellectual property, or personal data protected under GDPR, resulting in regulatory penalties and reputational damage. The medium severity rating reflects that while the vulnerability does not allow system takeover or data modification, the confidentiality breach alone can have serious consequences in sectors such as finance, healthcare, government, and critical infrastructure. The ease of exploitation (remote network access with low privileges and no user interaction) increases the risk, particularly if management interfaces are exposed or insufficiently protected. Organizations with inadequate network segmentation or weak access controls are more vulnerable. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits once patches are released or if the vulnerability becomes publicly known.
Mitigation Recommendations
1. Immediately restrict network access to Dell Unisphere for PowerMax management interfaces, ensuring they are not exposed to untrusted networks or the internet.
2. Implement strict network segmentation and firewall rules to limit access only to authorized administrators and systems.
3. Enforce strong authentication and access control policies for all users with access to the management interface, including multi-factor authentication where possible.
4. Monitor logs and file access patterns for unusual or unauthorized file path manipulations or access attempts.
5. Conduct a thorough audit of current configurations and permissions related to file handling within Unisphere for PowerMax.
6. Stay in close contact with Dell for official patches or updates addressing this vulnerability and plan for immediate deployment once available.
7. Educate IT and security teams about the vulnerability and the importance of protecting management interfaces.
8. Consider deploying intrusion detection/prevention systems (IDS/IPS) tuned to detect attempts to exploit file path manipulation vulnerabilities.
9. Review and update incident response plans to include scenarios involving information disclosure via storage management systems.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: dell
- Date Reserved: 2026-02-13T18:05:27.826Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6996c9266aea4a407a4971eb
Added to database: 2/19/2026, 8:26:14 AM
Last enriched: 2/19/2026, 8:41:17 AM
Last updated: 4/9/2026, 2:07:19 AM