CVE-2026-35070
MEDIUM WAF: High
CVSS 6.7
Published: 2026-05-20
CWE-77
Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.
WAF Coverage Analysis
Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| dell | smartfabric_storage_software | up to 1.4.5 |
References
- www.dell.com (Vendor Advisory)