{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-49502","assignerOrgId":"c550e75a-17ff-4988-97f0-544cde3820fe","state":"PUBLISHED","assignerShortName":"dell","dateReserved":"2026-05-31T17:04:24.517Z","datePublished":"2026-06-17T14:30:27.310Z","dateUpdated":"2026-06-25T12:59:48.815Z"},"containers":{"cna":{"providerMetadata":{"orgId":"c550e75a-17ff-4988-97f0-544cde3820fe","shortName":"dell","dateUpdated":"2026-06-25T12:59:48.815Z"},"datePublic":"2026-06-15T06:30:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-287","description":"CWE-287: Improper Authentication","type":"CWE"}]}],"affected":[{"vendor":"Dell","product":"PowerFlex","versions":[{"status":"affected","version":"0","lessThan":"5.1.0.1 or later","versionType":"semver"},{"status":"affected","version":"0","lessThan":"4.5.5.2 or later","versionType":"semver"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure, Information tampering, and Unauthorized access.","supportingMedia":[{"type":"text/html","base64":false,"value":"Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure, Information tampering, and Unauthorized access."}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseSeverity":"HIGH","baseScore":7.4,"vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"}}],"credits":[{"lang":"en","value":"Dell would like to thank brocked200 for reporting this issue.","type":"other"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 1.0.2"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-06-18T14:29:19.946890Z","id":"CVE-2026-49502","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-06-18T14:29:56.402Z"}}]}}