CVE-2026-35071

Dell · PowerScale InsightIQ

Dell PowerScale InsightIQ is susceptible to an OS Command Injection vulnerability, allowing an authenticated attacker with high privileges to execute arbitrary commands on the underlying system.

Executive summary

An OS Command Injection vulnerability in Dell PowerScale InsightIQ allows authenticated attackers with high privileges to execute arbitrary commands, potentially leading to full system compromise.

Vulnerability

The application is vulnerable to OS Command Injection (CWE-78) due to improper neutralization of special elements. Based on the CVSS vector (PR:H), this requires an authenticated user with high-level administrative privileges to trigger.

Business impact

The ability to execute arbitrary OS commands poses a critical risk to the confidentiality, integrity, and availability of the PowerScale environment. Given the CVSS score of 8.2, a successful exploit could allow an attacker to gain full control over the management appliance, leading to unauthorized data access, system disruption, and lateral movement within the network.

Remediation

Immediate Action: Update Dell PowerScale InsightIQ to version 6.3.0 or later as specified in the vendor security advisory.

Proactive Monitoring: Review system and audit logs for unexpected process execution or unusual command-line activity originating from the InsightIQ service account.

Compensating Controls: Ensure that access to the InsightIQ management interface is restricted to authorized administrative personnel only, utilizing network-level access controls to minimize the attack surface.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Organizations utilizing Dell PowerScale InsightIQ should prioritize patching to version 6.3.0. Although the vulnerability requires high privileges, the potential for total system impact necessitates prompt remediation to prevent unauthorized administrative escalation.