{"document":{"category":"csaf_vex","csaf_version":"2.0","title":"CVE-2026-35065: Dell PowerFlex Manager, version(s) [Versions], contain(s) a Missing Authentication for Critical Function vulnerability","publisher":{"category":"vendor","name":"HarborGuard Database","namespace":"https://database.harborguard.co"},"tracking":{"id":"CVE-2026-35065","status":"final","version":"1","initial_release_date":"2026-06-17T14:42:31.270Z","current_release_date":"2026-06-17T16:09:51.140Z","revision_history":[{"date":"2026-06-17T14:42:31.270Z","number":"1","summary":"Initial machine-readable export from HarborGuard."}]},"distribution":{"tlp":{"label":"WHITE"},"text":"Public CVE data; freely redistributable."},"notes":[{"category":"description","text":"Dell PowerFlex Manager, version(s) [Versions], contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Code execution, Denial of service, Information disclosure, Information tampering, Remote execution, Script injection, and Unauthorized access.","title":"CVE description"}],"references":[{"category":"self","summary":"CVE-2026-35065 on HarborGuard Database","url":"https://database.harborguard.co/cve/CVE-2026-35065"},{"category":"external","summary":"CVE Record","url":"https://www.cve.org/CVERecord?id=CVE-2026-35065"},{"category":"external","summary":"dell.com","url":"https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities"}]},"product_tree":{"branches":[{"category":"vendor","name":"Dell","branches":[{"category":"product_name","name":"PowerFlex","branches":[{"category":"product_version_range","name":"<5.1.0.1 or later","product":{"name":"Dell PowerFlex <5.1.0.1 or later","product_id":"CSAFPID-1","product_identification_helper":{"cpe":"cpe:2.3:a:dell:powerflex:*:*:*:*:*:*:*:*"}}},{"category":"product_version_range","name":"<4.5.5.2 or later","product":{"name":"Dell PowerFlex <4.5.5.2 or later","product_id":"CSAFPID-2","product_identification_helper":{"cpe":"cpe:2.3:a:dell:powerflex:*:*:*:*:*:*:*:*"}}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-35065","title":"Dell PowerFlex Manager, version(s) [Versions], contain(s) a Missing Authentication for Critical Function vulnerability","notes":[{"category":"description","text":"Dell PowerFlex Manager, version(s) [Versions], contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Code execution, Denial of service, Information disclosure, Information tampering, Remote execution, Script injection, and Unauthorized access.","title":"CVE description"}],"product_status":{"known_affected":["CSAFPID-1","CSAFPID-2"]},"scores":[{"cvss_v3":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH"},"products":["CSAFPID-1","CSAFPID-2"]}],"remediations":[{"category":"vendor_fix","details":"Update to a fixed version: 4.5.5.2 or later, 5.1.0.1 or later.","product_ids":["CSAFPID-1","CSAFPID-2"]}]}]}