Vendor scorecard
Dell
Dell security disclosure record — CVE volume, CVSS severity mix and product-category breakdown, sourced from the NIST NVD.
CPE: dell, emc
Product families
3
Open in latest
7
Inferred — see methodology
Last disclosure
Feb 17, 2026
01
Product categories
3 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| PowerSwitch/OS10Routing & Switchingemc_powerswitch_firmware, smartfabric_os10, os10… | 7 | 5 | 10.5.5.8HIGH | ||
| iDRAC/ManagementNetwork Management & Monitoringidrac9_firmware, openmanage_network_manager, dell_emc_networking_n-series_firmware | 2 | 2 | 6.5.3LOW | ||
| Networking OS9Routing & Switchingftos, os9, networking_os9 | 0 | 0 | unknown |
02
Recent CVEs
9 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-22284(opens NVD record) | Medium | 6.6 | Dell SmartFabric OS10 Software, versions prior to 10.5.6.12, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | Feb 17, 2026 |
| CVE-2025-46428(opens NVD record) | High | 8.8 | Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. | Nov 12, 2025 |
| CVE-2025-46427(opens NVD record) | High | 8.8 | Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | Nov 12, 2025 |
| CVE-2024-48829(opens NVD record) | Medium | 6.7 | Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Control of Generation of Code ('Code Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | Nov 12, 2025 |
| CVE-2025-22397(opens NVD record) | Medium | 6.7 | Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access. | Nov 6, 2025 |
| CVE-2025-26482(opens NVD record) | Medium | 4.9 | Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure. | Sep 25, 2025 |
| CVE-2025-36609(opens NVD record) | Low | 2.5 | Dell SmartFabric OS10 Software, versions prior to 10.6.0.5, contains a Use of Hard-coded Password vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | Jul 30, 2025 |
| CVE-2025-36608(opens NVD record) | Medium | 6.5 | Dell SmartFabric OS10 Software, versions prior to 10.6.0.5, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access. | Jul 30, 2025 |
| CVE-2025-30103(opens NVD record) | Medium | 5.5 | Dell SmartFabric OS10 Software, versions prior to 10.6.0.5 contains a Files or Directories Accessible to External Parties vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker. | Jul 30, 2025 |
9 CVEs · 3 product families