Dell Unity: Attackers can execute malicious code with root privileges
Admins should install an important security update for Dell Unity Operating Environment promptly.
Dell's storage array software for the EMC series Unity, UnityVSA, and Unity XT is vulnerable. Attackers can exploit four security vulnerabilities. A patched version is available for download.
Various Dangers
In a security advisory, the developers state that two vulnerabilities (CVE-2026-21418 “high”, CVE-2026-22277 “high”) directly affect the software. A local attacker with low user privileges can exploit both vulnerabilities. Because input is not sufficiently validated, crafted OS commands can give attackers root privileges. From that position, they can execute malicious code and thus compromise systems.
Two further vulnerabilities affect the third-party components DOMPurify (CVE-2024-47875 “medium”) and Urlparse, urllib.parse.urlsplit (CVE-2025-0938 “medium”). These can enable XSS attacks, among other things.
Dell's developers state that the vulnerabilities have been closed in Dell Unity Operating Environment (OE) 5.5.3. All previous versions are said to be vulnerable. So far, there are no reports that attackers are already exploiting the vulnerabilities.
Most recently, Dell patched Data Protection Advisor.
(des)