VYPR
← All advisories
Medium severity4.7NVD Advisory· Published Apr 1, 2026· Updated Apr 2, 2026

CVE-2026-27101

CVE-2026-27101

Description

Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00.xx, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker within the management network could potentially exploit this vulnerability, leading to remote execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A path traversal vulnerability in Dell SCG 5.0 allows high-privileged attackers within the management network to achieve remote execution.

Vulnerability

Overview

Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application versions 5.28.00.28.00.xx through 5.32.00.xx contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [1]. The CVE description confirms that a high-privileged attacker operating within the management network could exploit this flaw, potentially leading to remote code execution [1].

Attack

Scenario

The vulnerability requires the attacker to already have high privileges and network access to the management plane of the gateway uses. The CVSS v3.1 vector string (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L) indicates exploitation is network-based, does not require user interaction, and has low attack complexity [1]. A successful attack may allow the adversary to bypass directory restrictions and access or write files outside the intended path. The advisory from Dell notes that the highest threat from this vulnerability is to confidentiality, integrity, and availability, each with a low impact [1].

Impact & Mitigation

A successful exploit could lead to remote execution, meaning the attacker could run arbitrary commands or code on the SCG appliance or application. This poses a risk to the management‑network risk because SCG typically handles device monitoring and configuration. Dell has released a remediated version, SCG 5.34.00.00 or later, which fixes the vulnerability. Customers should upgrade as soon as possible to prevent potential exploitation [1].

References
  1. DSA-2026-020: Security Update for Dell Secure Connect Gateway-Application Vulnerabilities

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • Dell/Secure Connect Gateway3 versions
    cpe:2.3:a:dell:secure_connect_gateway:*:*:*:*:-:*:*:*+ 2 more
    • cpe:2.3:a:dell:secure_connect_gateway:*:*:*:*:-:*:*:*range: >=5.28.00.00,<5.34.00.00
    • cpe:2.3:a:dell:secure_connect_gateway:*:*:*:*:application:*:*:*range: >=5.28.00.00,<5.34.00.00
    • (no CPE)range: >=5.28.00.xx <=5.32.00.xx

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.