CVE-2026-22269

{"id": "CVE-2026-22269", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.2}]}, "published": "2026-02-19T09:16:11.430", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000429778/dsa-2026-046-security-update-for-dell-powerprotect-data-manager-multiple-vulnerabilities", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-940"}]}], "descriptions": [{"lang": "en", "value": "Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass."}, {"lang": "es", "value": "Dell PowerProtect Data Manager, versi\u00f3n(es) anterior(es) a la 19.22, contiene una vulnerabilidad de Verificaci\u00f3n Incorrecta del Origen de un Canal de Comunicaci\u00f3n en la API REST. Un atacante con altos privilegios con acceso remoto podr\u00eda potencialmente explotar esta vulnerabilidad, lo que lleva a la elusi\u00f3n de mecanismos de protecci\u00f3n."}], "lastModified": "2026-02-20T16:36:41.030", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:powerprotect_data_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17D7AA01-F2D1-4DCF-BF83-0550AA9CC59A", "versionEndExcluding": "19.22"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}