CVE-2026-35068
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-35068
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to information disclosure.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-35068
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-35068
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-35068 (1)
Same Patch Batch · Dell · 2026-06-17 · 13 CVEs total
| CVE-2026-35065 | 8.8 HIGH | Dell PowerFlex Manager越权访问漏洞 |
| CVE-2026-32804 | 8.1 HIGH | Dell PowerFlex Manager认证缺陷致未授权访问 |
| CVE-2026-32652 | 7.8 HIGH | Dell AIOps Collector小于1.18.3默认凭证漏洞 |
| CVE-2026-22283 | 7.5 HIGH | Dell PowerFlex Manager <4.8 未授权信息泄露漏洞 |
| CVE-2026-49502 | 7.4 HIGH | Dell PowerFlex Manager认证漏洞致信息泄露与未授权访问 |
| CVE-2026-35066 | 7.1 HIGH | Dell PowerFlex Manager越权访问致拒绝服务漏洞 |
| CVE-2024-47477 | 6.5 MEDIUM | Dell PowerFlex Manager证书验证绕过漏洞 |
| CVE-2026-35069 | 5.7 MEDIUM | Dell PowerFlex Manager SQL注入漏洞 |
| CVE-2026-35067 | 5.7 MEDIUM | Dell PowerFlex Manager权限提升漏洞 |
| CVE-2026-40641 | 4.8 MEDIUM | Dell PowerFlex Manager 4.6.0.1 使用不安全的加密算法漏洞 |
| CVE-2025-32748 | 4.3 MEDIUM | Dell PowerFlex RCM 3.7主机头注入漏洞 |
| CVE-2026-35162 | 4.3 MEDIUM | Dell PowerFlex Manager 越权访问导致拒绝服务 |
IV. Related Vulnerabilities
Same weakness: CWE-89
- CVE-2026-35069
Dell PowerFlex Manager SQL注入漏洞 - CVE-2026-54812
WordPress Motors plugin <= 1.4.109 - SQL Injection vulnerabi - CVE-2026-54809
WordPress GIFT4U plugin <= 1.0.10 - SQL Injection vulnerabil - CVE-2026-54808
WordPress WP Travel Gutenberg Blocks plugin <= 3.9.4 - SQL I - CVE-2026-54813
WordPress SureDash plugin <= 1.8.0 - SQL Injection vulnerabi
V. Comments for CVE-2026-35068
No comments yet