CVE-2026-32804: Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Authentication vulnerability
Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Unauthorized access.
Metrics
- CVSS v3.1: 8.1
- Severity: HIGH
- Fixed in: 4.5.5.2 or later
- Affected Products: 1
HarborGuard Analysis
Synopsis
An improper authentication vulnerability in Dell PowerFlex Manager allows an unauthenticated attacker with adjacent network access to bypass authentication and reach functionality that should require credentials. The CVSS vector (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H) indicates adjacent network access with low attack complexity, no privileges and no user interaction; impact is rated High for integrity and availability and None for confidentiality, with scope unchanged. Successful exploitation lets the attacker tamper with the infrastructure PowerFlex Manager orchestrates and disrupt availability of the PowerFlex environment. Patched-image rebuilds at versions 4.5.5.2 and 5.1.0.1 are available on HarborGuard for environments running affected versions.
HarborGuard Coverage
Detection of CVE-2026-32804 is available across every HarborGuard environment; the CVE is ingested from upstream advisory feeds within minutes of publication and matched against images in customer registries, CI pipelines, and custom-built images automatically. Any image carrying an affected version of Dell PowerFlex Manager is flagged without requiring manual configuration.
HarborGuard scores this CVE at CVSS 8.1 (HIGH) and weights it against each customer org's compliance policy to determine urgency and routing. Findings are dispatched to the team inbox or ticketing integration configured for the affected environment, so the right engineers see the alert without manual triage.
A patched-image rebuild at Dell PowerFlex Manager version 4.5.5.2 or 5.1.0.1 becomes available on HarborGuard as soon as the upstream fix is indexed. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs regression tests against the updated image, and opens a pull request against affected workloads automatically.
Exploit Conditions
- Network reachability: Adjacent (AV:A)
The attacker must be on an adjacent network segment such as the same LAN, VLAN, or VPN; over-the-internet exploitation is not directly possible without that adjacency.
- Authentication: Not required (PR:N)
No credentials of any kind are needed; the vulnerability exists in the authentication layer itself, so an anonymous attacker can reach protected functionality.
- Victim interaction: Not required (UI:N)
Exploitation is entirely attacker-driven; no user action such as clicking a link or opening a file is required.
- Attack complexity: Low (AC:L)
Attack complexity is low, meaning the exploit is reliable and repeatable without needing to satisfy special conditions, race a timer, or manipulate memory layout.
Blast Radius
- Attacker bypasses authentication and gains unauthorized control over PowerFlex Manager, allowing modification of storage, compute, or network configurations managed by the platform.
- Attacker disrupts availability of the PowerFlex Manager service and the infrastructure resources it orchestrates, causing outages to dependent workloads.
- Because confidentiality impact is rated None in the CVSS vector, direct data exfiltration from the manager itself is not the primary risk; the integrity and availability of managed infrastructure are the principal concerns.
How HarborGuard Handles This
Available on HarborGuard: detection fires within minutes of the CVE hitting upstream feeds, matching every scanned image that carries an affected Dell PowerFlex Manager version, including internally built images that bundle the software. Because this is rated HIGH (CVSS 8.1) with no authentication barrier required, it surfaces at the top of the findings queue and is routed per each org's compliance policy. For customers who opt into auto-remediation, HarborGuard makes a rebuilt image at version 4.5.5.2 or 5.1.0.1 available, runs regression tests, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes in environments with auto-remediation enabled. For environments where auto-remediation is not permitted by compliance policy, the finding is queued for manual review with remediation guidance pointing to the Dell-published fix versions.
Fix available
- Dell / PowerFlex Manager: affected below 4.5.5.2 (from 0), fixed in 4.5.5.2 or later
- Dell / PowerFlex Manager: affected below 5.1.0.1 (from 0), fixed in 5.1.0.1 or later
CVSS vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
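The two ranges under "Fix available" both start "from 0", so read literally they overlap: a 4.6.x build is past the 4.5.5.2 fix but still inside "below 5.1.0.1". As an added example (not HarborGuard's matcher and not taken from the Dell advisory), the following check evaluates a version against the ranges exactly as printed and against an assumed per-branch reading (4.x fixed at 4.5.5.2, 5.x fixed at 5.1.0.1), and flags any version where the two disagree so the operator confirms it against the vendor advisory rather than trusting either reading. The branch interpretation and the sample version strings are assumptions made for this example.

```python
"""Affected-version check for the 'Fix available' ranges on this page.

Added example, not HarborGuard's version matcher or Dell's advisory logic.
PAGE_RANGES reproduces the two ranges as printed; the per-branch reading in
affected_by_branch() is an assumption, not something the page states.
"""
import re

# (introduced, fixed) as printed on the page; "0" means no lower bound given.
PAGE_RANGES = [
    ("0", "4.5.5.2"),
    ("0", "5.1.0.1"),
]


def parse_version(v: str) -> tuple:
    """'4.5.5.2' -> (4, 5, 5, 2); a trailing non-numeric tag is ignored."""
    m = re.match(r"^(\d+(?:\.\d+)*)", v.strip())
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(x) for x in m.group(1).split("."))


def cmp_versions(a: str, b: str) -> int:
    """Numeric dotted comparison; shorter tuples are zero-padded so
    '4.5.5' == '4.5.5.0' and '4.10' > '4.9'."""
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    ta += (0,) * (width - len(ta))
    tb += (0,) * (width - len(tb))
    return (ta > tb) - (ta < tb)


def in_range(version: str, introduced: str, fixed: str) -> bool:
    """introduced <= version < fixed, the usual advisory range semantics."""
    return cmp_versions(version, introduced) >= 0 and cmp_versions(version, fixed) < 0


def affected_literal(version: str) -> bool:
    """Match against the ranges exactly as the page prints them."""
    return any(in_range(version, lo, hi) for lo, hi in PAGE_RANGES)


def affected_by_branch(version: str) -> bool:
    """Assumed reading: 5.x is fixed at 5.1.0.1, everything else at 4.5.5.2."""
    if parse_version(version)[0] == 5:
        return cmp_versions(version, "5.1.0.1") < 0
    return cmp_versions(version, "4.5.5.2") < 0


def assess(version: str) -> dict:
    literal = affected_literal(version)
    branch = affected_by_branch(version)
    return {
        "version": version,
        "affected_literal": literal,
        "affected_by_branch": branch,
        # Disagreement covers 4.5.5.2 <= v < 5.0: past the 4.x fix but inside
        # the printed "below 5.1.0.1" range. Confirm against Dell's advisory.
        "needs_review": literal != branch,
    }


if __name__ == "__main__":
    # Constructed sample versions, not a list of real builds.
    for v in ["3.9", "4.5.4.0", "4.5.5.2", "4.6.0", "5.0.0", "5.1.0.1", "5.1.1"]:
        print(assess(v))
```

A scanner that only implements `affected_literal` will flag every 4.6.x build as vulnerable; one that only implements `affected_by_branch` will silently clear it. Surfacing the disagreement is the safer behaviour until the vendor text is checked.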