Dell Issues Security Advisories for PowerEdge, PowerProtect, Connectrix, and Networking Products
Dell released multiple security advisories covering vulnerabilities across a broad set of enterprise infrastructure products, and the Canadian Centre for Cyber Security urged organizations to review the notices and apply updates. The affected technologies span storage, networking, data protection, and server platforms, including Connectrix Switches and Directors, AMD-based PowerEdge Servers, Dell Command | Update versions prior to 5.7.0, PowerProtect Data Domain, and Dell Storage Manager - Replay Manager for Microsoft Servers versions prior to 8.0.3.
Additional advisories also affected Data Protection Advisor, Dell EMC Isilon OneFS, Dell EMC PowerScale, Dell Networking OS10, PowerProtect DP Series Appliance, Elastic Cloud Storage, ObjectScale, and several PowerSwitch models. The Canadian notice linked Dell advisories including DSA-2026-041, DSA-2026-171, DSA-2026-058, and DSA-2026-190, and characterized the activity as a vendor patch and mitigation effort rather than evidence of active exploitation.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
7 events from the most recent confirmed update back to the earliest known activity.
Canadian Centre for Cyber Security issues Dell advisory AV26-439
On 2026-05-11, the Canadian Centre for Cyber Security published advisory AV26-439 summarizing Dell security advisories released between May 4 and May 10, 2026. The notice covered Dell PowerScale A300/A3000/H700/H7000, Dell Elastic Cloud Storage (ECS), and Dell ObjectScale, and urged users to review Dell advisories DSA-2026-127 and DSA-2026-019 and apply updates.
Canadian Centre for Cyber Security issues Dell advisory AV26-414
On 2026-05-04, the Canadian Centre for Cyber Security published advisory AV26-414 summarizing Dell security advisories released between April 27 and May 3, 2026. The notice covered products including APEX Cloud Platform for Red Hat OpenShift, Dell Automation Platform, Dell Command | Monitor, Dell CyberSense, Dell NativeEdge Orchestrator, Dell SmartFabric Manager, Dell iDRAC9, Dell iDRAC10, DLm8700/DLm2700, and PowerProtect Cyber Recovery, and urged users to apply updates.
Canadian Centre for Cyber Security issues Dell advisory AV26-389
On 2026-04-27, the Canadian Centre for Cyber Security published advisory AV26-389 summarizing Dell advisories released between April 20 and 26, 2026 for Dell Networking OS10, Dell Storage Monitoring and Reporting, Dell Storage Resource Manager, and Dell VxRail Appliance. The advisory urged users and administrators to review Dell notices DSA-2026-160, DSA-2026-126, and DSA-2026-196 and apply the necessary updates.
Canadian Centre for Cyber Security issues Dell advisory AV26-366
On 2026-04-20, the Canadian Centre for Cyber Security published advisory AV26-366 referencing Dell advisories DSA-2026-041, DSA-2026-171, DSA-2026-058, and DSA-2026-190, and advised organizations to review and apply the relevant updates.
Dell publishes another round of security advisories
Between 2026-04-13 and 2026-04-19, Dell released additional advisories affecting Connectrix Switches and Directors, AMD-based PowerEdge Servers, Dell Command| Update versions prior to 5.7.0, PowerProtect Data Domain, and Dell Storage Manager - Replay Manager for Microsoft Servers versions prior to 8.0.3.
Canadian Centre for Cyber Security issues Dell advisory AV26-343
On 2026-04-13, the Canadian Centre for Cyber Security published advisory AV26-343 summarizing Dell's April 6-12 advisories and urging users and administrators to review the vendor notices and apply the necessary updates.
Dell publishes security advisories for multiple enterprise products
Between 2026-04-06 and 2026-04-12, Dell released a set of security advisories covering vulnerabilities in products including Connectrix Switches and Directors, Data Protection Advisor, Dell EMC Isilon OneFS, Dell EMC PowerScale, Dell Networking OS10, PowerProtect DP Series Appliance, Elastic Cloud Storage, ObjectScale, and several PowerSwitch models.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
5 references tracked. Mallory keeps watching after this page renders.
Dell security advisory (AV26-439) - Canadian Centre for Cyber Security
cyber.gc.ca
Open sourceDell security advisory (AV26-414) - Canadian Centre for Cyber Security
cyber.gc.ca
Open sourceDell security advisory (AV26-389) - Canadian Centre for Cyber Security
cyber.gc.ca
Open sourceDell security advisory (AV26-366) - Canadian Centre for Cyber Security
cyber.gc.ca
Open sourceDell security advisory (AV26-343) - Canadian Centre for Cyber Security
cyber.gc.ca
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Dell Fixes Vulnerabilities in NativeEdge Orchestrator, iDRAC Tools, PowerEdge, PowerScale, and PowerStore
Dell published multiple security advisories covering vulnerabilities across **NativeEdge Orchestrator**, **iDRAC Tools**, **PowerEdge**, **PowerScale**, and **PowerStore**, prompting the Canadian Centre for Cyber Security to issue advisory **AV26-598**. The notice says **Dell NativeEdge Orchestrator** versions prior to `4.2.0.0` and **iDRAC Tools** versions prior to `11.4.1.0` are affected, while multiple versions of **PowerEdge**, **PowerScale**, and **PowerStore** also require attention. The Cyber Centre urged administrators to review Dell’s advisories and apply the necessary updates. Referenced notices include **DSA-2026-256** for **Dell NativeEdge Orchestrator**, **DSA-2026-237** for **Dell PowerScale OneFS** third-party component vulnerabilities, and **DSA-2026-273** for **Dell PowerStore T**, indicating that the remediation effort spans infrastructure management, storage, and server platforms.
Jun 15, 2026
Dell Advisories Address Third-Party Component Flaws Across APEX, NetWorker, and Secure Connect Gateway
Dell issued multiple security advisories covering vulnerabilities across a broad set of enterprise products, including **APEX Cloud Platform for Red Hat OpenShift**, **APEX Cloud Platforms Solution Offerings**, **APEX**, **Dell Secure Connect Gateway Appliance**, **Dell Policy Manager for Secure Connect Gateway Appliance**, **Dell NetWorker**, **Dell Storage Monitoring and Reporting**, **Dell Storage Resource Manager**, and **Dell PowerSwitch Z9664F-ON**. The Canadian Centre for Cyber Security said the advisories span both Dell-developed software and bundled third-party components, with specific issues including **Apache Tomcat** vulnerabilities in NetWorker, **rsync** vulnerabilities in Dell networking products, and multiple third-party component flaws in Secure Connect Gateway-related offerings. Affected versions cited in the notices include Dell Policy Manager for Secure Connect Gateway Appliance before `5.32.00.18`, Dell Secure Connect Gateway Appliance before `5.34.00.16`, Dell NetWorker `19.14` and `19.9` through `19.13.0.2`, Dell PowerSwitch Z9664F-ON before `3.54.5.1-11`, and Dell Storage Monitoring and Reporting and Storage Resource Manager before `6.0.0.2`. The Cyber Centre urged organizations to review Dell’s product-specific advisories and apply the required updates to reduce exposure across infrastructure, storage, networking, and cloud platform environments.
Mar 30, 2026
Dell Patches Critical Authentication and Command Injection Flaws Across Storage Products
Dell disclosed multiple high-severity vulnerabilities affecting enterprise storage and backup platforms, including **PowerProtect Data Domain**, **Storage Manager**, and **Unity**. In PowerProtect Data Domain, **CVE-2026-26944** allows unauthenticated remote attackers to reach a privileged function and potentially execute commands as `root` if a legitimate user performs a specific action, while **CVE-2026-26943** and **CVE-2026-23778** enable root-level command execution for attackers with high privileges. Dell said the issues affect several DD OS release tracks, Data Domain Virtual Edition, APEX Protection Storage, Data Domain Management Center, and PowerProtect DP Series appliances, and released fixes through advisory **DSA-2026-060**, adding that it had no indication of active exploitation. Dell also issued critical updates for other storage lines. **Dell Storage Manager** vulnerabilities **CVE-2025-43994** and **CVE-2025-43995** expose management functions and APIs to unauthenticated remote access or authentication bypass, potentially affecting all storage arrays managed by a vulnerable instance; Dell’s advisory **DSA-2025-393** recommends upgrading to **2020 R1.22** or later. In **Dell Unity**, **CVE-2025-36604** permits unauthenticated remote OS command injection, while **CVE-2025-36606** and **CVE-2025-36607** allow authenticated attackers to escape restricted utilities and run commands as `root`; Dell remediated those flaws in **Unity OE 5.5.1** and later. The disclosures highlight elevated risk to backup integrity, storage administration, and ransomware recovery operations if exposed management interfaces remain unpatched.
Jun 12, 2026