

Dell PowerScale InsightIQ versions 5.0.0 through 6.2.0 deployed in enterprise storage monitoring environments.
Two CVEs: OS command injection (CVSS 8.2) in versions 6.0.0–6.2.0 and unnecessary privilege execution (CVSS 6.7) in versions 5.0.0–6.2.0.
Disclosed 12 May 2026; no active exploitation reported; classified as Informative Cyber Alert with auto-update available.
Local access interfaces on InsightIQ systems; exploiting either vulnerability requires a high-privileged local account.
Improper neutralisation of special elements in OS commands and execution with unnecessarily elevated privileges in the application agent.
A high-privileged local attacker submits crafted input to trigger command injection, or abuses elevated process execution for privilege escalation.
High-privileged local attackers can execute arbitrary OS commands or escalate privileges on affected InsightIQ systems.
Risk limited to locally accessible systems with high-privileged accounts; overall risk moderate but upgrade is essential.
Upgrade Dell PowerScale InsightIQ immediately to version 6.3.0 or later to remediate both CVEs.
Apply least privilege principles, upgrade software promptly, and audit local account access on InsightIQ deployments.
Dell Security Advisory DSA-2026-208. NVD and CISA resources referenced. CVEs: CVE-2026-35071, CVE-2026-40638.