CVE-2026-41116
CVE-2026-41116
In short
Dell Inventory Collector Client versions before 13.8.0 have a flaw where it follows symbolic links without proper checks, allowing an attacker with local access to write files anywhere on the system. This could be used to compromise system integrity or execute malicious code.
Technical detail
The vulnerability is a classic link-following issue (CWE-1386) in Dell Inventory Collector Client <13.8.0. A low-privileged local attacker can exploit a race condition or predictable path to create a symbolic link that the application follows, resulting in arbitrary file write with the application's privileges. This requires local filesystem access and could lead to privilege escalation or system compromise.
Summary generated and translated by AI from the official description.
Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
Affected products
Dell · Inventory Collector ClientWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →