CVE-2026-28265
Published 2026-04-01
Priority: P4 · 33 · high · 7.1 · CVSS 3.1
Vector: AV:L / AC:L / PR:L / UI:N / S:U / C:N / I:H / A:H
EPSS: 0.12% (1.9th percentile)
PowerStore contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | powerstore | < 4.4.0.0-2692403 | 4.4.0.0-2692403 or later |
| dell | powerstore_1000t | < 4.4.0.0-2692403 | 4.4.0.0-2692403 or later |
| dell | powerstore_1200t | < 4.4.0.0-2692403 | 4.4.0.0-2692403 or later |
| dell | powerstore_3000t | < 4.4.0.0-2692403 | 4.4.0.0-2692403 or later |
| dell | powerstore_3200q | < 4.4.0.0-2692403 | 4.4.0.0-2692403 or later |
| dell | powerstore_3200t | < 4.4.0.0-2692403 | 4.4.0.0-2692403 or later |
| dell | powerstore_5000t | < 4.4.0.0-2692403 | 4.4.0.0-2692403 or later |
| dell | powerstore_500t | < 4.4.0.0-2692403 | 4.4.0.0-2692403 or later |
| dell | powerstore_5200q | < 4.4.0.0-2692403 | 4.4.0.0-2692403 or later |
| dell | powerstore_5200t | < 4.4.0.0-2692403 | 4.4.0.0-2692403 or later |
| dell | powerstore_7000t | < 4.4.0.0-2692403 | 4.4.0.0-2692403 or later |
| dell | powerstore_9000t | < 4.4.0.0-2692403 | 4.4.0.0-2692403 or later |
| dell | powerstore_9200t | < 4.4.0.0-2692403 | 4.4.0.0-2692403 or later |
| dell | powerstoreos | < 4.4.0.0-2692403 | 4.4.0.0-2692403 |
CVSS provenance
nvd · v3.1 · 7.1 · HIGH · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
vendor_redhat · 7.8 · HIGH
GHSA
GHSA-669m-x2jm-gm59: PowerStore, contains a Path Traversal vulnerability in the Service user
ghsa_unreviewed·2026-04-01
CVE-2026-28265 [MEDIUM] CWE-22 GHSA-669m-x2jm-gm59: PowerStore, contains a Path Traversal vulnerability in the Service user
Red Hat
gimp: GIMP: Remote Code Execution via out-of-bounds write in XWD file parsing
vendor_redhat·2026-02-20·CVSS 7.8
CVE-2026-2045 [HIGH] CWE-787 gimp: GIMP: Remote Code Execution via out-of-bounds write in XWD file parsing
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28265.
A flaw was found in GIMP. The specific flaw exists within the parsing of XWD files. The
No detection rules found.
No public exploits indexed.
Published: 2026-04-01