CVE-2026-28265 - Vulnerability Details

PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Dell	Powerstore 1000t Powerstore 1200t Powerstore 3000t Powerstore 3200q Powerstore 3200t Powerstore 5000t Powerstore 500t Powerstore 5200q Powerstore 5200t Powerstore 7000t Powerstore 9000t Powerstore 9200t Powerstoreos

Configuration 1 [-]

AND

cpe:2.3:o:dell:powerstoreos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:dell:powerstore_1000t:-:::::::*
	cpe:2.3:h:dell:powerstore_1200t:-:::::::*
	cpe:2.3:h:dell:powerstore_3000t:-:::::::*
	cpe:2.3:h:dell:powerstore_3200q:-:::::::*
	cpe:2.3:h:dell:powerstore_3200t:-:::::::*
	cpe:2.3:h:dell:powerstore_5000t:-:::::::*
	cpe:2.3:h:dell:powerstore_500t:-:::::::*
	cpe:2.3:h:dell:powerstore_5200q:-:::::::*
	cpe:2.3:h:dell:powerstore_5200t:-:::::::*
	cpe:2.3:h:dell:powerstore_7000t:-:::::::*
	cpe:2.3:h:dell:powerstore_9000t:-:::::::*
	cpe:2.3:h:dell:powerstore_9200t:-:::::::*

No data.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000444169/dsa-2026-157-dell-powerstore-t-security-update-for-multiple-vulnerabilities

History

Thu, 02 Apr 2026 20:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dell Dell powerstore 1000t Dell powerstore 1200t Dell powerstore 3000t Dell powerstore 3200q Dell powerstore 3200t Dell powerstore 5000t Dell powerstore 500t Dell powerstore 5200q Dell powerstore 5200t Dell powerstore 7000t Dell powerstore 9000t Dell powerstore 9200t Dell powerstoreos
Weaknesses		CWE-22
CPEs		cpe:2.3:h:dell:powerstore_1000t:-:::::::* cpe:2.3:h:dell:powerstore_1200t:-:::::::* cpe:2.3:h:dell:powerstore_3000t:-:::::::* cpe:2.3:h:dell:powerstore_3200q:-:::::::* cpe:2.3:h:dell:powerstore_3200t:-:::::::* cpe:2.3:h:dell:powerstore_5000t:-:::::::* cpe:2.3:h:dell:powerstore_500t:-:::::::* cpe:2.3:h:dell:powerstore_5200q:-:::::::* cpe:2.3:h:dell:powerstore_5200t:-:::::::* cpe:2.3:h:dell:powerstore_7000t:-:::::::* cpe:2.3:h:dell:powerstore_9000t:-:::::::* cpe:2.3:h:dell:powerstore_9200t:-:::::::* cpe:2.3:o:dell:powerstoreos::::::::
Vendors & Products		Dell Dell powerstore 1000t Dell powerstore 1200t Dell powerstore 3000t Dell powerstore 3200q Dell powerstore 3200t Dell powerstore 5000t Dell powerstore 500t Dell powerstore 5200q Dell powerstore 5200t Dell powerstore 7000t Dell powerstore 9000t Dell powerstore 9200t Dell powerstoreos

Thu, 02 Apr 2026 20:30:00 +0000

Type	Values Removed	Values Added
Title		Path Traversal in Dell PowerStore Service User Allows Local File Modification

Wed, 01 Apr 2026 23:45:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 01 Apr 2026 08:00:00 +0000

Type	Values Removed	Values Added
Description		PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.
Weaknesses		CWE-35
References		https://www.dell.com/support/kbdoc/en-us/000444169/dsa-2026-157-dell-powerstore-t-security-update-for-multiple-vulnerabilities
Metrics		cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}`

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2026-04-01T07:41:28.180Z

Updated: 2026-04-01T13:10:14.638Z

Reserved: 2026-02-25T18:04:25.462Z

Link: CVE-2026-28265

Vulnrichment

Updated: 2026-04-01T13:10:11.069Z

NVD

Status : Analyzed

Published: 2026-04-01T08:16:05.490

Modified: 2026-04-02T20:43:17.370

Link: CVE-2026-28265

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object