Dell PowerFlex Multiple Vulnerabilities Advisory DSA-2026-066: RCE, Privilege Escalation, and Fix

Vulnerability Overview Vulnerability ID: DSA-2026-066 Vulnerability Type: Multiple Security Vulnerabilities Affected Software: PowerFlex Software Release Date: June 15, 2026 Description: Multiple security vulnerabilities may be exploited by malicious actors to compromise the integrity, confidentiality, and availability of PowerFlex Software. Scope of Impact Affected Components: - kernel - OpenSSH - Java - Netty - commons-lang3 - angus-smtp - quarkus-vertx - utilib3 - Keycloak Specific Vulnerabilities: - CVE-2026-31431 - CVE-2025-61584 - CVE-2025-50106, CVE-2025-30749 - CVE-2025-55163, CVE-2025-58057 - CVE-2025-48924 - CVE-2025-7962 - CVE-2025-49574 - CVE-2025-50181 - CVE-2024-8176, CVE-2025-53066, CVE-2025-58187, CVE-2025-58188, CVE-2025-59250, CVE-2025-59375, CVE-2025-61723, CVE-2025-61725, CVE-2025-9086, CVE-2025-9187, CVE-2025-9230, CVE-2025-9162, CVE-2025-8419, CVE-2025-7784, CVE-2025-7365 Proprietary Code Vulnerabilities: - CVE-2026-22283: Information Disclosure - CVE-2026-40641: Information Disclosure and Data Tampering - CVE-2026-35069: Script Injection - CVE-2026-35068: Information Disclosure - CVE-2026-35066: Denial of Service - CVE-2026-35067: Privilege Escalation and Unauthorized Access - CVE-2026-35162: Denial of Service - CVE-2026-35065: Code Execution, Denial of Service, Information Disclosure, Data Tampering, Remote Execution, Script Injection, and Unauthorized Access - CVE-2026-32804: Unauthorized Access - CVE-2026-49502: Information Disclosure, Data Tampering, and Unauthorized Access - CVE-2024-47477: DNS Cache Poisoning Remediation Affected Product: PowerFlex Software Fixed Versions: - Version 5.1.0.1 or later - Version 4.5.5.2 or later Manual Upgrade Link: https://www.dell.com/support/product-details/en-us/product/scaleio/drivers Additional Information Related Documentation: - Dell Security Advisories and Notices - Dell Vulnerability Response Policy - CVSS Scoring Guide Legal Disclaimer: Information provided by Dell Technologies is for informational purposes only and carries no liability. Feedback: Users may rate the article and provide feedback. Summary This security update addresses multiple vulnerabilities affecting various components of PowerFlex Software. Users are advised to upgrade to the fixed versions (5.1.0.1 or 4.5.5.2 or later) as soon as possible to mitigate these vulnerabilities.

Goal Reached Thanks to every supporter — we hit 100%!

Dell PowerFlex Multiple Vulnerabilities Advisory DSA-2026-066: RCE, Privilege Escalation, and Fix