CVE-2026-22277

CWE-78 — OS Command Injection3 documents3 sources

Severity

7.8HIGH

EPSS

0.0%

top 96.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Unityvsa Dell Unity Operating Environment

Timeline

PublishedJan 30

Description

Dell UnityVSA, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5dell/unityvsaN/A — 5.5.3

▶NVDdell/unity_operating_environment< 5.5.3.0

🔴Vulnerability Details

GHSA

GHSA-5jcv-37h5-w6rh: Dell UnityVSA, version(s) 5↗2026-01-30

▶

CVEList

CVE-2026-22277: Dell UnityVSA, version(s) 5↗2026-01-30

▶