Dell Unity Operating Environment vulnerabilities

CVE-2026-22277 [HIGH] CWE-78 CVE-2026-22277: Dell UnityVSA, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements u Dell UnityVSA, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.

CVE-2026-21418 [HIGH] CWE-78 CVE-2026-21418: Dell Unity, version(s) 5.5.2 and prior, contain(s) an Improper Neutralization of Special Elements us Dell Unity, version(s) 5.5.2 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.

CVE-2025-43939 [HIGH] CWE-78 CVE-2025-43939: Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

CVE-2025-46423 [HIGH] CWE-78 CVE-2025-46423: Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

CVE-2025-43940 [HIGH] CWE-78 CVE-2025-43940: Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper Neutralization of Special Elements used Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

CVE-2025-43941 [HIGH] CWE-78 CVE-2025-43941: Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper Neutralization of Special Elements used Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary command with root privileges. This vulnerability only affects systems without a valid

CVE-2025-43942 [HIGH] CWE-78 CVE-2025-43942: Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

CVE-2025-46422 [HIGH] CWE-78 CVE-2025-46422: Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

CVE-2025-36604 [HIGH] CWE-78 CVE-2025-36604: Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.

CVE-2025-36606 [HIGH] CWE-78 CVE-2025-36606: Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nf Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nfssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.

CVE-2025-36607 [HIGH] CWE-78 CVE-2025-36607: Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_na Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.

CVE-2025-36605 [MEDIUM] CWE-79 CVE-2025-36605: Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Input During Web Page Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading

CVE-2025-22398 [CRITICAL] CWE-78 CVE-2025-22398: Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution as root. Exploitation may lead to a system take over by an a

CVE-2024-49601 [HIGH] CWE-78 CVE-2024-49601: Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

CVE-2025-24383 [CRITICAL] CWE-78 CVE-2025-24383: Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to delete arbitrary files. This vulnerability is considered critical as it can be leveraged to delet

CVE-2025-24380 [HIGH] CWE-78 CVE-2025-24380: Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

CVE-2025-24378 [HIGH] CWE-78 CVE-2025-24378: Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

CVE-2025-24386 [HIGH] CWE-78 CVE-2025-24386: Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

CVE-2025-24379 [HIGH] CWE-78 CVE-2025-24379: Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

CVE-2025-23383 [HIGH] CWE-78 CVE-2025-23383: Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.