CVE-2026-28265 PUBLISHED

Assigner: dell
Reserved: 25.02.2026 Published: 01.04.2026 Updated: 01.04.2026

PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CVSS Score: 4.4

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	Low
User Interaction	None	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	Dell
Product	PowerStore
Versions	Default: unaffected affected from 0 to 4.4.0.0-2692403 or later (excl.)

Vendor	Dell
Product	PowerStore 500T
Versions	Default: unaffected affected from 0 to 4.4.0.0-2692403 or later (excl.)

Vendor	Dell
Product	PowerStore 1000T
Versions	Default: unaffected affected from 0 to 4.4.0.0-2692403 or later (excl.)

Vendor	Dell
Product	PowerStore 1200T
Versions	Default: unaffected affected from 0 to 4.4.0.0-2692403 or later (excl.)

Vendor	Dell
Product	PowerStore 3000T
Versions	Default: unaffected affected from 0 to 4.4.0.0-2692403 or later (excl.)

Vendor	Dell
Product	PowerStore 3200Q
Versions	Default: unaffected affected from 0 to 4.4.0.0-2692403 or later (excl.)

Vendor	Dell
Product	PowerStore 3200T
Versions	Default: unaffected affected from 0 to 4.4.0.0-2692403 or later (excl.)

Vendor	Dell
Product	PowerStore 5000T
Versions	Default: unaffected affected from 0 to 4.4.0.0-2692403 or later (excl.)

Vendor	Dell
Product	PowerStore 5200Q
Versions	Default: unaffected affected from 0 to 4.4.0.0-2692403 or later (excl.)

Vendor	Dell
Product	PowerStore 5200T
Versions	Default: unaffected affected from 0 to 4.4.0.0-2692403 or later (excl.)

Vendor	Dell
Product	PowerStore 7000T
Versions	Default: unaffected affected from 0 to 4.4.0.0-2692403 or later (excl.)

Vendor	Dell
Product	PowerStore 9000T
Versions	Default: unaffected affected from 0 to 4.4.0.0-2692403 or later (excl.)

Vendor	Dell
Product	PowerStore 9200T
Versions	Default: unaffected affected from 0 to 4.4.0.0-2692403 or later (excl.)

References

https://www.dell.com/support/kbdoc/en-us/000444169/dsa-2026-157-dell-powerstore-t-security-update-for-multiple-vulnerabilities

Problem Types

CWE-35: Path Traversal CWE