{"document":{"category":"csaf_vex","csaf_version":"2.0","title":"CVE-2026-22283: Dell PowerFlex Manager, version(s) Version prior to 4","publisher":{"category":"vendor","name":"HarborGuard Database","namespace":"https://database.harborguard.co"},"tracking":{"id":"CVE-2026-22283","status":"final","version":"1","initial_release_date":"2026-06-17T14:24:20.405Z","current_release_date":"2026-06-17T15:38:19.430Z","revision_history":[{"date":"2026-06-17T14:24:20.405Z","number":"1","summary":"Initial machine-readable export from HarborGuard."}]},"distribution":{"tlp":{"label":"WHITE"},"text":"Public CVE data; freely redistributable."},"notes":[{"category":"description","text":"Dell PowerFlex Manager, version(s) Version prior to 4.8, contain(s) an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.","title":"CVE description"}],"references":[{"category":"self","summary":"CVE-2026-22283 on HarborGuard Database","url":"https://database.harborguard.co/cve/CVE-2026-22283"},{"category":"external","summary":"CVE Record","url":"https://www.cve.org/CVERecord?id=CVE-2026-22283"},{"category":"external","summary":"dell.com","url":"https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities"}]},"product_tree":{"branches":[{"category":"vendor","name":"Dell","branches":[{"category":"product_name","name":"PowerFlex","branches":[{"category":"product_version_range","name":"<5.1.0.1 or later","product":{"name":"Dell PowerFlex <5.1.0.1 or later","product_id":"CSAFPID-1","product_identification_helper":{"cpe":"cpe:2.3:a:dell:powerflex:*:*:*:*:*:*:*:*"}}},{"category":"product_version_range","name":"<4.5.5.2 or later","product":{"name":"Dell PowerFlex <4.5.5.2 or later","product_id":"CSAFPID-2","product_identification_helper":{"cpe":"cpe:2.3:a:dell:powerflex:*:*:*:*:*:*:*:*"}}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-22283","title":"Dell PowerFlex Manager, version(s) Version prior to 4","notes":[{"category":"description","text":"Dell PowerFlex Manager, version(s) Version prior to 4.8, contain(s) an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.","title":"CVE description"}],"product_status":{"known_affected":["CSAFPID-1","CSAFPID-2"]},"scores":[{"cvss_v3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH"},"products":["CSAFPID-1","CSAFPID-2"]}],"remediations":[{"category":"vendor_fix","details":"Update to a fixed version: 4.5.5.2 or later, 5.1.0.1 or later.","product_ids":["CSAFPID-1","CSAFPID-2"]}]}]}