CVE-2026-26948


CVSS 4.9 MEDIUM | EPSS 0.3% | CWE-1258
In short

Dell's remote management tool (iDRAC) leaves debug information accessible to attackers with high privileges, potentially exposing sensitive system details. This could help attackers understand system vulnerabilities and plan further attacks.

Technical detail

Uncleared debug information in Dell iDRAC 9 (14G versions prior to 7.00.00.174; 15G and 16G versions prior to 7.10.90.00) permits information disclosure to high-privileged remote attackers. The vulnerability stems from inadequate sanitization of debug artifacts, enabling exposure of sensitive system configuration and operational data that could facilitate privilege escalation or lateral movement.

Summary generated and translated by AI from the official description.
Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.174, 15G and 16G versions prior to 7.10.90.00, contain an Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
