{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23773", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2026-01-16T06:05:50.872Z", "datePublished": "2026-04-29T03:39:25.139Z", "dateUpdated": "2026-04-29T03:54:49.237Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-04-29T03:54:49.237Z"}, "datePublic": "2026-04-27T18:30:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "affected": [{"vendor": "Dell", "product": "Disk Library for mainframe DLm8700", "versions": [{"status": "affected", "version": "0", "lessThan": "7.0.1.0 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "Disk Library for mainframe DLm2700", "versions": [{"status": "affected", "version": "0", "lessThan": "7.0.1.0 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<table><tbody><tr><td colspan=\"1\" rowspan=\"1\"><br>Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.</td></tr></tbody></table>"}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000458131/dsa-2026-091-security-update-for-dell-disk-library-for-mainframe-vulnerabilities?lang=en", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery."}], "id": "CVE-2026-23773", "lastModified": "2026-04-29T04:16:40.867", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2026-04-29T04:16:40.867", "references": [{"source": "security_alert@emc.com", "url": "https://www.dell.com/support/kbdoc/en-us/000458131/dsa-2026-091-security-update-for-dell-disk-library-for-mainframe-vulnerabilities?lang=en"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security_alert@emc.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-29T04:50:29.933966+00:00", "value": {"mitigation_remediation": ["Apply the Dell Disk Library for Mainframe security update published by Dell in the linked advisory.", "Reduce exposure by restricting remote access to the library only to trusted hosts or networks.", "Implement network segmentation or firewall rules to block unauthorized internal requests that the library might make."], "summary": {"action": "Patch", "impact": "Server\u2011Side Request Forgery"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Dell Disk Library for Mainframe products DLm2700 and DLm8700. No specific firmware or software version numbers are listed beyond the product family; the public advisory recommends updating these mainframe disk libraries.", "description_and_impact": "The vulnerability allows a low\u2011privileged attacker with remote access to the Dell Disk Library for Mainframe to perform a server\u2011side request forgery. An attacker could trick the library into making unrestricted requests to internal resources, potentially exposing confidential information or facilitating further compromise.", "risk_and_exploitability": "The CVSS score of 4.3 indicates low severity. The EPSS score is not available and the vulnerability is not currently listed in the CISA KEV catalog. The attack vector is remote; a low\u2011privileged user can trigger the SSRF. Exploitation does not require administrative privileges but requires network connectivity to the library."}}}}, "created": "2026-04-29T05:00:03.852075+00:00", "title": "SSRF Vulnerability in Dell Disk Library for Mainframe", "updated": "2026-04-29T05:00:03.852098+00:00", "vendors": []}