CVE-2026-35071
Dell · PowerScale InsightIQ
Dell PowerScale InsightIQ is susceptible to an OS Command Injection vulnerability, allowing an authenticated attacker with high privileges to execute arbitrary commands on the underlying system.
Executive summary
An OS Command Injection vulnerability in Dell PowerScale InsightIQ allows authenticated attackers with high privileges to execute arbitrary commands, potentially leading to full system compromise.
Vulnerability
The application is vulnerable to OS Command Injection (CWE-78) due to improper neutralization of special elements. Based on the CVSS vector (PR:H), this requires an authenticated user with high-level administrative privileges to trigger.
Business impact
The ability to execute arbitrary OS commands poses a critical risk to the confidentiality, integrity, and availability of the PowerScale environment. Given the CVSS score of 8.2, a successful exploit could allow an attacker to gain full control over the management appliance, leading to unauthorized data access, system disruption, and lateral movement within the network.
Remediation
Immediate Action: Update Dell PowerScale InsightIQ to version 6.3.0 or later as specified in the vendor security advisory.
Proactive Monitoring: Review system and audit logs for unexpected process execution or unusual command-line activity originating from the InsightIQ service account.
Compensating Controls: Ensure that access to the InsightIQ management interface is restricted to authorized administrative personnel only, utilizing network-level access controls to minimize the attack surface.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Organizations utilizing Dell PowerScale InsightIQ should prioritize patching to version 6.3.0. Although the vulnerability requires high privileges, the potential for total system impact necessitates prompt remediation to prevent unauthorized administrative escalation.