CVE-2026-35070
Description
Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Dell SmartFabric Storage Software <1.4.5 has a command injection vulnerability allowing high-privileged local attackers to gain filesystem access.
Vulnerability
Dell SmartFabric Storage Software versions prior to 1.4.5 contain an improper neutralization of special elements used in a command ('Command Injection') vulnerability [1]. This flaw allows an attacker to inject arbitrary operating system commands through the application's interface.
Exploitation
Exploitation requires a high-privileged attacker with local access to the system [1]. The attacker can inject commands by crafting malicious input that is not properly sanitized, potentially leading to execution of arbitrary commands with the privileges of the application.
Impact
Successful exploitation grants the attacker filesystem access, potentially allowing reading, writing, or modifying files [1]. This impacts confidentiality and integrity, though the exact scope depends on the application's permissions.
Mitigation
Dell has released version 1.4.5 to address this vulnerability [1]. Users should upgrade to this version or later. The advisory DSA-2026-235 provides further details and links to the update.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <1.4.5
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.