CVE-2026-56690 PUBLISHED

Assigner: dell
Reserved: 22.06.2026 Published: 10.07.2026 Updated: 10.07.2026

Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure, Information exposure, and Unauthorized access.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
CVSS Score: 8.5

Product Status

Vendor Dell
Product PowerFlex Manager
Versions Default: unaffected
  • affected from 0 to 5.1.0.1 or later (excl.)
  • affected from 0 to 4.5.5.2 or later (excl.)

References

Problem Types

  • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE