Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-21419

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-09 Feb, 2026 | 17:01
Updated At-26 Feb, 2026 | 15:04
Rejected At-
Credits

Dell Display and Peripheral Manager (Windows) versions prior to 2.2 contain an Improper Link Resolution Before File Access ('Link Following') vulnerability in the Installer and Service. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:09 Feb, 2026 | 17:01
Updated At:26 Feb, 2026 | 15:04
Rejected At:
â–¼CVE Numbering Authority (CNA)

Dell Display and Peripheral Manager (Windows) versions prior to 2.2 contain an Improper Link Resolution Before File Access ('Link Following') vulnerability in the Installer and Service. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges

Affected Products
Vendor
Dell Inc.Dell
Product
Display and Peripheral Manager (Windows)
Default Status
unaffected
Versions
Affected
  • From N/A before 2.2.0.18 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-59CWE-59: Improper Link Resolution Before File Access ('Link Following')
Type: CWE
CWE ID: CWE-59
Description: CWE-59: Improper Link Resolution Before File Access ('Link Following')
Metrics
VersionBase scoreBase severityVector
3.16.6MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
Version: 3.1
Base score: 6.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
CVE-2026-21419: Dell Technologies would like to thank falconCorrup for reporting this issue.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000384542/dsa-2026-009
vendor-advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000384542/dsa-2026-009
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:09 Feb, 2026 | 18:16
Updated At:09 Feb, 2026 | 21:55

Dell Display and Peripheral Manager (Windows) versions prior to 2.2 contain an Improper Link Resolution Before File Access ('Link Following') vulnerability in the Installer and Service. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.6MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-59Primarysecurity_alert@emc.com
CWE ID: CWE-59
Type: Primary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/en-us/000384542/dsa-2026-009security_alert@emc.com
N/A
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000384542/dsa-2026-009
Source: security_alert@emc.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

38Records found
CVE-2023-32474
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-6.6||MEDIUM
EPSS-0.01% / 2.94%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 07:53
Updated-02 Aug, 2024 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary folder or file deletion

Action-Not Available
Vendor-Dell Inc.
Product-display_managerDell Display Manager
CWE ID-CWE-1386
Insecure Operation on Windows Junction / Mount Point
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-46636
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-6.6||MEDIUM
EPSS-0.01% / 1.03%
||
7 Day CHG-0.00%
Published-09 Dec, 2025 | 17:34
Updated-10 Dec, 2025 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.

Action-Not Available
Vendor-Dell Inc.
Product-encryptionDell Encryption
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-28046
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.6||MEDIUM
EPSS-0.10% / 28.05%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 06:07
Updated-10 Feb, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local low privilege attacker could potentially exploit this vulnerability, leading to the deletion of arbitrary files on the operating system with high privileges.

Action-Not Available
Vendor-Dell Inc.
Product-display_managerDell Display Manager
CWE ID-CWE-272
Least Privilege Violation
CVE-2025-21101
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.6||MEDIUM
EPSS-0.05% / 14.77%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 04:36
Updated-04 Feb, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Display Manager, versions prior to 2.3.2.20, contain a race condition vulnerability. A local malicious user could potentially exploit this vulnerability during installation, leading to arbitrary folder or file deletion.

Action-Not Available
Vendor-Dell Inc.
Product-display_managerDell Display Manager
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2025-46684
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.6||MEDIUM
EPSS-0.01% / 2.44%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 16:19
Updated-13 Feb, 2026 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Tampering.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_os_recoverySupportAssist OS Recovery,
CWE ID-CWE-378
Creation of Temporary File With Insecure Permissions
CVE-2023-44281
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.6||MEDIUM
EPSS-0.02% / 5.59%
||
7 Day CHG~0.00%
Published-24 Jan, 2024 | 15:38
Updated-30 May, 2025 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Pair Installer version prior to 1.2.1 contains an elevation of privilege vulnerability. A low privilege user with local access to the system could potentially exploit this vulnerability to delete arbitrary files and result in Denial of Service.

Action-Not Available
Vendor-Dell Inc.
Product-pairDell Pair
CWE ID-CWE-264
Not Available
CVE-2025-36564
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.63%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 14:41
Updated-26 Feb, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-encryptionEncryption Admin Utilities
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-36611
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.02% / 6.68%
||
7 Day CHG~0.00%
Published-30 Jul, 2025 | 16:18
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption and Dell Security Management Server, versions prior to 11.11.0, contain an Improper Link Resolution Before File Access ('Link Following') Vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-encryptionsecurity_management_serverSecurity Management ServerEncryption
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-29983
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.21%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 03:30
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Trusted Device, versions prior to 7.0.3.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-trusted_device_agentDell Trusted Device Client
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-25906
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.01% / 0.23%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 20:55
Updated-05 Mar, 2026 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Optimizer, versions prior to 6.3.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-optimizerOptimizer
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-28065
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 21.11%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 11:04
Updated-04 Dec, 2024 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.

Action-Not Available
Vendor-Microsoft CorporationDell Inc.
Product-windowsalienware_updatecommand_updateupdateDell Command Update (DCU)
CWE ID-CWE-1386
Insecure Operation on Windows Junction / Mount Point
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-28071
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.74%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 10:37
Updated-07 Nov, 2024 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).

Action-Not Available
Vendor-Microsoft CorporationDell Inc.
Product-windowsalienware_updatecommand_updateupdateDell Command Update (DCU)
CWE ID-CWE-1386
Insecure Operation on Windows Junction / Mount Point
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-25940
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.12% / 30.90%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 10:14
Updated-11 Feb, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. A high privileged local attacker could potentially exploit this vulnerability, leading to system takeover and it breaks the compliance mode guarantees.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-22480
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.07% / 19.98%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 16:04
Updated-24 Sep, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_os_recoveryDell SupportAssist OS Recovery
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CVE-2023-24572
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.7||MEDIUM
EPSS-0.05% / 14.26%
||
7 Day CHG~0.00%
Published-13 Feb, 2023 | 07:15
Updated-21 Mar, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.

Action-Not Available
Vendor-Dell Inc.
Product-command_\|_integration_suite_for_system_centerDell Command Integration Suite for System Center (DCIS)
CWE ID-CWE-1386
Insecure Operation on Windows Junction / Mount Point
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-23697
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.7||MEDIUM
EPSS-0.05% / 14.26%
||
7 Day CHG~0.00%
Published-13 Feb, 2023 | 07:24
Updated-21 Mar, 2025 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.

Action-Not Available
Vendor-Dell Inc.
Product-command_\|_intel_vpro_out_of_bandDell Command Update (DCU)
CWE ID-CWE-1386
Insecure Operation on Windows Junction / Mount Point
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-27105
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.01% / 2.48%
||
7 Day CHG~0.00%
Published-29 Apr, 2026 | 18:18
Updated-05 May, 2026 | 12:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write

Action-Not Available
Vendor-Dell Inc.
Product-dell\/alienware_purchased_appsDell/Alienware Purchased Apps
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-52537
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 19.43%
||
7 Day CHG+0.01%
Published-11 Dec, 2024 | 07:26
Updated-04 Feb, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-windowsdock_wd19_firmware_update_utilitylinux_kerneldock_wd22tb4_firmware_update_utilitydock_hd22q_firmware_update_utilityDell Client Platform BIOS
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-52535
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.47% / 64.77%
||
7 Day CHG~0.00%
Published-25 Dec, 2024 | 14:41
Updated-29 Jan, 2025 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior, contain a symbolic link (symlink) attack vulnerability in the software remediation component. A low-privileged authenticated user could potentially exploit this vulnerability, gaining privileges escalation, leading to arbitrary deletion of files and folders from the system.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsSupportAssist for Home PCsSupportAssist for Business PCs
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-52542
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.11% / 29.69%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 11:33
Updated-04 Feb, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information tampering.

Action-Not Available
Vendor-Dell Inc.
Product-appsyncAppSync
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-47480
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.77%
||
7 Day CHG~0.00%
Published-18 Dec, 2024 | 01:05
Updated-04 Feb, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege attacker with local access may exploit this vulnerability, potentially resulting in Elevation of Privileges and unauthorized file system access.

Action-Not Available
Vendor-Dell Inc.
Product-inventory_collectorInventory Collector Client
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2020-5324
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.26%
||
7 Day CHG~0.00%
Published-21 Feb, 2020 | 14:50
Updated-17 Sep, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5401vostro_5391_firmwareprecision_3541inspiron_5583precision_7730_firmwareprecision_3541_firmwarelatitude_5401_firmwareprecision_7730inspiron_7380inspiron_5491_firmwarelatitude_5424_rugged_firmwarexps_15_9575_firmwareinspiron_14_5490inspiron_5590_firmwarevostro_3490_firmwareg7_17_7790_firmwareg7_17_7790latitude_7300_firmwareinspiron_5493inspiron_7490latitude_5400_firmwareprecision_7540wyse_5470inspiron_5390_firmwareg7_15_7590inspiron_3593_firmwareinspiron_5591inspiron_7391latitude_5490latitude_5590inspiron_5481inspiron_5494_firmwareinspiron_7390_firmwareinspiron_7580_firmwareinspiron_7786_firmwareinspiron_3583vostro_5581_firmwarevostro_3481latitude_5300inspiron_7786vostro_7590precision_5530_firmwareinspiron_5591_firmwareinspiron_3590_firmwareinspiron_3781g5_5587_firmwarelatitude_5501_firmwarevostro_15_7580_firmwarelatitude_7424_rugged_extreme_firmwarevostro_15_7580g7_7588_firmwareinspiron_7590_firmwareinspiron_7791_firmwarelatitude_7300precision_7740_firmwareg3_3579_firmwarevostro_3590_firmwareinspiron_5498inspiron_3780inspiron_7380_firmwarelatitude_3590_firmwarelatitude_7490_firmwareinspiron_7591_firmwarelatitude_7390_firmwarelatitude_5290latitude_5500_firmwareinspiron_3481inspiron_3780_firmwareinspiron_7490_firmwareg7_7588latitude_3400_firmwareprecision_3530latitude_5590_firmwarelatitude_5591inspiron_5590latitude_7400vostro_5481_firmwarevostro_5490inspiron_3593inspiron_5584xps_15_9570precision_7740g3_15_3590_firmwareinspiron_3481_firmwarelatitude_3390precision_5530g5_5090inspiron_5582inspiron_5498_firmwareprecision_5540vostro_5490_firmwareinspiron_3790_firmwareinspiron_3584_firmwareinspiron_5493_firmwareinspiron_7586inspiron_3480inspiron_3583_firmwareinspiron_7586_firmwarelatitude_3400inspiron_3480_firmwarelatitude_3490inspiron_3793_firmwareinspiron_7390vostro_3580_firmwareinspiron_3581_firmwarelatitude_3300_firmwarevostro_3590vostro_5390xps_15_9570_firmwarelatitude_3490_firmwarevostro_5590_firmwarevostro_3581_firmwarevostro_5581inspiron_3490latitude_7200_firmwareprecision_7530_firmwarevostro_3581xps_15_9575inspiron_3790vostro_3583_firmwarelatitude_5420_rugged_firmwarevostro_5391inspiron_5494latitude_7220_rugged_extreme_tablet_firmwarelatitude_3301g3_3779_firmwarelatitude_5300_firmwareinspiron_5594latitude_5420_ruggedprecision_3540_firmwareinspiron_5580latitude_7220_rugged_extreme_tabletinspiron_5582_firmwarelatitude_5500latitude_3500_firmwarevostro_3490g5_15_5590g5_15_5590_firmwareinspiron_5391wyse_5070_thin_clientinspiron_5598xps_13_9380inspiron_5480latitude_7220ex_rugged_extreme_tabletlatitude_7220ex_rugged_extreme_tablet_firmwareg7_15_7590_firmwareinspiron_5580_firmwarelatitude_5490_firmwarelatitude_5591_firmwarelatitude_3500inspiron_7791inspiron_3793latitude_5501latitude_7400_firmwareprecision_3540latitude_3590inspiron_3580_firmwareinspiron_3781_firmwareinspiron_5481_firmwarelatitude_3311_firmwareinspiron_7591xps_15_7590latitude_3300inspiron_5584_firmwareprecision_5540_firmwarevostro_5590vostro_3583vostro_3584_firmwarelatitude_5491_firmwareinspiron_5482vostro_3480latitude_7290inspiron_3493inspiron_5594_firmwareinspiron_14_5490_firmwareprecision_7540_firmwareinspiron_7391_firmwareinspiron_5593_firmwarewyse_5470_firmwareinspiron_5593inspiron_5491latitude_5290_firmwarelatitude_7424_rugged_extremeg5_5587inspiron_7580inspiron_5598_firmwareinspiron_3584inspiron_5482_firmwarevostro_5390_firmwareg5_5090_firmwarevostro_5481inspiron_3493_firmwarelatitude_7390precision_3530_firmwarelatitude_3311latitude_7290_firmwareprecision_7530inspiron_5583_firmwareg3_15_3590latitude_3390_firmwarelatitude_7200inspiron_5480_firmwareinspiron_3590inspiron_5391_firmwarevostro_3480_firmwareinspiron_7590vostro_3580vostro_7590_firmwarexps_15_7590_firmwarevostro_3584inspiron_3490_firmwarexps_13_9380_firmwarewyse_5070_thin_client_firmwarelatitude_3301_firmwarelatitude_7490inspiron_5390vostro_3481_firmwareinspiron_3580latitude_5491g3_3579g3_3779inspiron_7386_firmwareinspiron_3581inspiron_7386latitude_5424_ruggedlatitude_5400Dell Client Consumer and Commercial Platforms
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-43726
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.45%
||
7 Day CHG~0.00%
Published-02 Sep, 2025 | 18:29
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Alienware Command Center 5.x (AWCC), versions prior to 5.10.2.0, contains an Improper Link Resolution Before File Access ('Link Following')" vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-Alienware Command Center 5.x (AWCC)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-25952
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.10% / 26.09%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 18:21
Updated-09 Jan, 2025 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-36286
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.07% / 19.89%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-16 Sep, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows feature of NTFS called Symbolic links. Symbolic links can be created by any(non-privileged) user under some object directories, but by themselves are not sufficient to successfully escalate privileges. However, combining them with a different object, such as the NTFS junction point allows for the exploitation. Support assist clean files functionality do not distinguish junction points from the physical folder and proceeds to clean the target of the junction that allows nonprivileged users to create junction points and delete arbitrary files on the system which can be accessed only by the admin.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_client_consumerSupportAssist Client Consumer
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-43078
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 17.51%
||
7 Day CHG~0.00%
Published-28 Aug, 2024 | 05:33
Updated-19 Dec, 2024 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_24_5410_all-in-onelatitude_5401optiplex_7770_all-in-onexps_15_9510_firmwareinspiron_7300_firmwarelatitude_3520inspiron_13_5330precision_3561_firmwarexps_17_9710_firmwareoptiplex_tower_plus_7010_firmwareprecision_7770_firmwareprecision_7560inspiron_14_plus_7430alienware_x14_r2vostro_3888optiplex_all-in-one_7410_firmwarexps_13_9315inspiron_7490vostro_3888_firmwarelatitude_5430_rugged_laptopprecision_7540optiplex_5090_small_form_factor_firmwareinspiron_15_3511_firmwarewyse_5070latitude_9420alienware_x16_r1precision_5470_firmwaredell_precision_3630_towerlatitude_5590optiplex_5080latitude_5511precision_5530_2-in-1precision_5550inspiron_7501inspiron_5502optiplex_xe4_tower_firmwarechengming_3911_firmwarevostro_14_3430_firmwarexps_17_9700inspiron_16_7630_2-in-1optiplex_3000_microoptiplex_7000_microlatitude_5300vostro_3400g3_3500optiplex_3000_tower_firmwareprecision_5530_firmwaredell_precision_3430_toweroptiplex_micro_7010_firmwarelatitude_7320latitude_7300alienware_m18_r1precision_3431_toweroptiplex_3060_firmwarelatitude_3420latitude_7490_firmwareoptiplex_tower_7010latitude_5310_2-in-1_firmwareprecision_3570inspiron_7490_firmwareinspiron_5409latitude_7400latitude_5591optiplex_5270_all-in-one_firmwareinspiron_3471latitude_5531_firmwareoptiplex_7071_firmwareinspiron_14_5410precision_3570_firmwareoptiplex_5070latitude_3400precision_5770_firmwareinspiron_14_7430_2-in-1latitude_3420_firmwareg5_5000vostro_14_5410precision_5480inspiron_14_5420_firmwareoptiplex_3090_firmwareg15_5520_firmwarelatitude_3530inspiron_7506_2-in-1_firmwarexps_13_plus_9320alienware_m16_r1optiplex_7000_small_form_factor_firmwarelatitude_7320_detachable_firmwarelatitude_9410optiplex_7400_all-in-oneoptiplex_7070optiplex_7080_firmwarevostro_16_5630latitude_5420_rugged_firmwarelatitude_5310latitude_5530precision_7680latitude_5431_firmwarelatitude_3301latitude_5420_ruggedoptiplex_7090_ultra_firmwareg16_7620precision_3450chengming_3900latitude_5495inspiron_5400latitude_7330_firmwarexps_15_9520_firmwarevostro_3020_small_desktopprecision_5680_firmwarevostro_5090precision_5560latitude_7640latitude_3190vostro_15_3520_firmwareoptiplex_5400_all-in-one_firmwarelatitude_7430_firmwarelatitude_3330_firmwarelatitude_5540universal_dock_ud22_firmware_update_utilityinspiron_3881_firmwarevostro_15_3510latitude_5521xps_9315_2-in-1optiplex_5480_all-in-one_firmwareoptiplex_7000_tower_firmwareprecision_3540precision_5570_firmwareinspiron_3910inspiron_3580_firmwarelatitude_7520optiplex_7400_all-in-one_firmwarewyse_5070_firmwarelatitude_3310latitude_5290_2-in-1g7_7700_firmwarewyse_5470_all-in-one_firmwareoptiplex_3090latitude_7290latitude_3340vostro_7620_firmwareinspiron_16_7620_2-in-1inspiron_5402latitude_5430_firmwareprecision_7540_firmwarevostro_3401_firmwarevostro_3881wyse_5470_firmwareinspiron_24_5411_all-in-one_firmwareinspiron_5593latitude_5420_firmwareprecision_3561inspiron_14_7420_2-in-1optiplex_3000_towerlatitude_5440_firmwarelatitude_3190_2-in-1_firmwarevostro_5301precision_3460_xe_small_form_factor_firmwarexps_15_9510inspiron_16_plus_7620latitude_7210_2-in-1optiplex_xe3_firmwarevostro_5880precision_3260_compactoptiplex_7070_firmwarealienware_m15_r7_firmwarealienware_m15_r6_firmwareoptiplex_5270_all-in-oneoptiplex_xe3latitude_3301_firmwarelatitude_5491latitude_3140_firmwarelatitude_9520_firmwareprecision_5560_firmwarelatitude_5330vostro_3690_firmwarelatitude_5520_firmwareoptiplex_5480_all-in-oneinspiron_24_5410_all-in-one_firmwarelatitude_5400latitude_5410precision_7865_towerprecision_3541xps_8940latitude_9440_2-in-1precision_7730_firmwareprecision_3551latitude_5401_firmwareoptiplex_all-in-one_7410optiplex_3000_small_form_factor_firmwareprecision_7730inspiron_16_7610_firmwarevostro_5301_firmwarevostro_5890latitude_7230_rugged_extreme_firmwarealienware_m18_r1_firmwareoptiplex_7770_all-in-one_firmwarelatitude_5400_firmwareg16_7630latitude_5430_rugged_laptop_firmwarelatitude_9330_firmwareinspiron_7700_all-in-onevostro_3671_firmwareprecision_3440latitude_rugged_7220ex_firmwareinspiron_13_5320optiplex_7460_all_in_one_firmwarevostro_5402optiplex_tower_7010_firmwareoptiplex_7090_ultraoptiplex_7470_all-in-oneg5_5000_firmwareinspiron_3671_firmwareprecision_7960_tower_firmwareprecision_3550_firmwarelatitude_3310_firmwarevostro_3690g16_7620_firmwareprecision_3460_small_form_factor_firmwarexps_9315_2-in-1_firmwarevostro_7500latitude_7530optiplex_7490_all-in-onealienware_m15_r7precision_7740_firmwareoptiplex_5090_towervostro_15_3530g16_7630_firmwaredock_wd22tb4_firmware_update_utilityvostro_3681vostro_3591latitude_3440precision_7780latitude_7400_2-in-1_firmwarevostro_15_7510precision_3530latitude_5411_firmwarelatitude_3510_firmwareoptiplex_7070_ultrainspiron_13_5310_firmwareinspiron_3593precision_7740inspiron_15_5518_firmwareoptiplex_tower_plus_7010precision_5530latitude_7310_firmwareoptiplex_3000_thin_clientinspiron_7306_2-in-1latitude_7530_firmwarexps_13_9310_firmwarexps_13_7390_firmwarelatitude_9510optiplex_3280_all-in-oneinspiron_16_plus_7630precision_5760_firmwarevostro_14_3420precision_3580_firmwarevostro_3681_firmwarevostro_3580_firmwarevostro_5890_firmwareinspiron_3910_firmwareinspiron_5406_2-in-1precision_7760_firmwarelatitude_5300_2-in-1_firmwarexps_13_9305_firmwareinspiron_5410optiplex_7760_all-in-onevostro_15_7510_firmwareg7_7700vostro_5502latitude_3540_firmwareoptiplex_7780_all-in-oneinspiron_3501_firmwareinspiron_27_7720_all-in-one_firmwarelatitude_5300_firmwareinspiron_3880optiplex_7000_xe_microprecision_3930_rackprecision_7865_tower_firmwareprecision_7550xps_17_9720latitude_7440_firmwareoptiplex_small_form_factor_7010inspiron_15_3530_firmwareinspiron_14_plus_7420latitude_5320_firmwareprecision_3581optiplex_3080xps_13_9315_firmwareinspiron_15_3530xps_13_9300_firmwareprecision_5750optiplex_7460_all_in_oneinspiron_27_7710_all-in-one_firmwarevostro_3671precision_5570latitude_7310inspiron_14_5410_firmwarelatitude_5421_firmwarelatitude_7330_rugged_laptopinspiron_7500g15_5511precision_5760optiplex_7480_all-in-onechengming_3990_firmwareprecision_3551_firmwareinspiron_3020_small_desktop_firmwarelatitude_9430optiplex_7070_ultra_firmwarevostro_3400_firmwareoptiplex_7060latitude_7424_rugged_extremelatitude_5290_firmwareoptiplex_7480_all-in-one_firmwareg5_5090_firmwarelatitude_7390latitude_5440vostro_3500precision_3240_compactprecision_7750_firmwarelatitude_3520_firmwarevostro_3401vostro_3480_firmwarechengming_3991_firmwareinspiron_16_7630_2-in-1_firmwareprecision_5680inspiron_14_5418inspiron_7400latitude_9430_firmwareprecision_3650_tower_firmwarevostro_14_3420_firmwareinspiron_24_5411_all-in-oneoptiplex_7470_all-in-one_firmwareprecision_3630_tower_firmwarelatitude_7340_firmwarexps_13_9310_2-in-1latitude_7440intel_thunderbolt_controller_firmware_update_utilityinspiron_5400_firmwarelatitude_5424_ruggedvostro_15_3520optiplex_7760_all-in-one_firmwarelatitude_9510_2in1inspiron_7500_firmwareprecision_3541_firmwareg5_5500latitude_7330inspiron_14_5420inspiron_7506_2-in-1latitude_5330_firmwareg7_7500precision_3650_towervostro_3881_firmwarelatitude_7200_2-in-1latitude_5511_firmwarelatitude_3430_firmwareprecision_7960_towerprecision_3550inspiron_3891_firmwareoptiplex_3090_ultra_firmwareprecision_5480_firmwarexps_13_7390_2-in-1_firmwarelatitude_7420_firmwareoptiplex_5070_firmwareprecision_5860_tower_firmwarelatitude_3310_2-in-1optiplex_3090_ultraoptiplex_5090_tower_firmwarelatitude_5490vostro_5620_firmwareinspiron_16_7610latitude_7330_rugged_laptop_firmwarexps_7590latitude_3190_2-in-1optiplex_7071inspiron_3891xps_13_9305optiplex_7000_xe_micro_firmwarelatitude_9410_firmwareinspiron_7706_2-in-1_firmwarelatitude_5300_2-in-1inspiron_13_5330_firmwarelatitude_7424_rugged_extreme_firmwarelatitude_7220_rugged_extremeoptiplex_3070_firmwareg15_5511_firmwarelatitude_7410_firmwareprecision_3660optiplex_5260_all-in-onelatitude_5310_2-in-1optiplex_7090_tower_firmwarevostro_3910inspiron_15_7510_firmwareinspiron_14_5418_firmwareg5_5500_firmwareinspiron_3020_desktoplatitude_7390_firmwarelatitude_5500_firmwarelatitude_5410_firmwarelatitude_5430vostro_5090_firmwarexps_13_7390latitude_3530_firmwarelatitude_3400_firmwarevostro_3890latitude_3510precision_3560_firmwareinspiron_3880_firmwareg5_5090precision_5860_toweroptiplex_5080_firmwareinspiron_14_5430inspiron_14_7420_2-in-1_firmwarevostro_3471xps_17_9700_firmwareinspiron_3480_firmwareinspiron_15_7510latitude_5530_firmwareoptiplex_7000_micro_firmwareprecision_5470optiplex_5060_firmwareinspiron_16_5630_firmwarevostro_16_5630_firmwarevostro_3590precision_3470_firmwareoptiplex_small_form_factor_plus_7010inspiron_15_5510vostro_3020_tower_desktop_firmwareinspiron_16_plus_7620_firmwareprecision_7530_firmwarevostro_3583_firmwarelatitude_3190_firmwareoptiplex_5000_tower_firmwareoptiplex_micro_7010optiplex_xe4_towerxps_13_9300xps_15_9500latitude_5500precision_7550_firmwarelatitude_3500_firmwarechengming_3900_firmwarechengming_3991precision_3260_xe_compact_firmwareprecision_3260_xe_compactinspiron_7501_firmwareoptiplex_5090_small_form_factorg15_5510_firmwarelatitude_5290_2-in-1_firmwarelatitude_7220_rugged_extreme_firmwareinspiron_3471_firmwarelatitude_5501latitude_7400_firmwarevostro_3501vostro_5320_firmwarevostro_15_5510precision_3450_firmwarechengming_3990inspiron_15_3520_firmwareprecision_3460_small_form_factorinspiron_5301precision_3581_firmwarelatitude_5340optiplex_7090_towervostro_3583latitude_5491_firmwareprecision_3470vostro_5880_firmwareprecision_3480xps_17_9710precision_5750_firmwareoptiplex_small_form_factor_plus_7010_firmwaredock_hd22q_firmware_update_utilityoptiplex_3060optiplex_5060chengming_3988_firmwarelatitude_5520wyse_5470_all-in-onelatitude_3410_firmwareprecision_7680_firmwarevostro_13_5310_firmwareinspiron_7400_firmwareprecision_3260_compact_firmwarelatitude_7640_firmwareoptiplex_5400_all-in-onelatitude_3320precision_3530_firmwareprecision_3580latitude_3540xps_13_9310_2-in-1_firmwarealienware_x14_r2_firmwarevostro_5320vostro_3580precision_7750inspiron_3020_small_desktoplatitude_3430latitude_3320_firmwareinspiron_3580optiplex_5490_all-in-one_firmwareoptiplex_7080g15_5510inspiron_15_5518vostro_7500_firmwarevostro_14_3430xps_17_9730latitude_9330inspiron_16_7620_2-in-1_firmwareinspiron_15_3511latitude_7230_rugged_extremelatitude_9440_2-in-1_firmwarelatitude_5424_rugged_firmwareinspiron_15_3520optiplex_5000_small_form_factor_firmwarechengming_3910_firmwarelatitude_7300_firmwarelatitude_5421inspiron_16_5630latitude_9420_firmwareinspiron_24_5420_all-in-onelatitude_5510inspiron_5401_aio_firmwarewyse_5470latitude_7340optiplex_5090_micro_firmwarevostro_3501_firmwareinspiron_3593_firmwareinspiron_14_plus_7430_firmwareoptiplex_7780_all-in-one_firmwarevostro_3710_firmwareprecision_3440_firmwareprecision_5530_2-in-1_firmwareoptiplex_5000_micro_firmwareprecision_3640_firmwarelatitude_3310_2-in-1_firmwareinspiron_16_5620latitude_5320latitude_3330vostro_13_5310optiplex_7000_small_form_factorlatitude_7410xps_13_7390_2-in-1latitude_5501_firmwareprecision_3571optiplex_3280_all-in-one_firmwarexps_15_9500_firmwarelatitude_5411optiplex_5090_microvostro_3020_tower_desktopprecision_7760xps_17_9720_firmwarealienware_x16_r1_firmwareinspiron_7306_2-in-1_firmwarevostro_3500_firmwarelatitude_7320_detachablelatitude_9520inspiron_5509optiplex_5055_ryzen_apuvostro_3590_firmwareinspiron_5406_2-in-1_firmwareinspiron_27_7710_all-in-onelatitude_7420latitude_5290inspiron_7706_2-in-1precision_7670precision_5550_firmwareg7_7500_firmwareinspiron_24_5420_all-in-one_firmwarelatitude_3120_firmwarelatitude_5590_firmwareinspiron_16_plus_7630_firmwareinspiron_16_5620_firmwareprecision_7670_firmwareg15_5530inspiron_5301_firmwareinspiron_3671precision_5540precision_3571_firmwarevostro_5620inspiron_3480latitude_7520_firmwarelatitude_5431precision_3930_rack_firmwareoptiplex_3000_thin_client_firmwarevostro_3710latitude_5420precision_3480_firmwareinspiron_7300inspiron_3793_firmwareinspiron_5402_firmwareprecision_3430_tower_firmwareprecision_7560_firmwareoptiplex_micro_plus_7010latitude_3300_firmwarelatitude_3440_firmwarexps_15_9530_firmwarexps_17_9730_firmwarelatitude_7400_2-in-1precision_7770latitude_7210_2-in-1_firmwarexps_13_9310latitude_5510_firmwarelatitude_3340_firmwareinspiron_5410_firmwareoptiplex_5000_microinspiron_15_5510_firmwareinspiron_14_7430_2-in-1_firmwarevostro_5502_firmwareprecision_3540_firmwarexps_15_9530latitude_7430g3_3500_firmwareprecision_3431_tower_firmwarevostro_3471_firmwareoptiplex_3000_small_form_factoroptiplex_3080_firmwarexps_13_plus_9320_firmwarelatitude_3410optiplex_small_form_factor_7010_firmwarevostro_5402_firmwarevostro_15_3510_firmwareinspiron_7700_all-in-one_firmwareinspiron_3881optiplex_7490_all-in-one_firmwarevostro_14_5410_firmwarevostro_15_3530_firmwarelatitude_5531precision_3660_firmwarevostro_3020_small_desktop_firmwarechengming_3910optiplex_3000_micro_firmwareoptiplex_5000_small_form_factorprecision_7780_firmwarelatitude_5490_firmwarelatitude_5591_firmwareinspiron_3501inspiron_13_5310latitude_3140latitude_3500latitude_5310_firmwarelatitude_9510_2in1_firmwareinspiron_3793inspiron_27_7720_all-in-onelatitude_5540_firmwareprecision_3430_toweralienware_m15_r6vostro_3890_firmwaredock_wd19_firmware_update_utilitychengming_3988xps_15_7590latitude_3300optiplex_micro_plus_7010_firmwareprecision_5540_firmwareinspiron_5401_firmwarevostro_15_5510_firmwareprecision_3460_xe_small_form_factorxps_15_9520xps_8940_firmwarelatitude_7320_firmwareoptiplex_5490_all-in-onevostro_3480latitude_3120g15_5530_firmwareprecision_3560inspiron_5401_aiotpm_2.0_firmware_update_utilitydell_precision_3431_towerprecision_3640optiplex_5260_all-in-one_firmwarelatitude_rugged_7220exinspiron_5509_firmwareinspiron_5593_firmwarelatitude_7200_2-in-1_firmwareprecision_3630_toweralienware_m16_r1_firmwareinspiron_14_5430_firmwareinspiron_3020_desktop_firmwareoptiplex_3070inspiron_13_5320_firmwarevostro_3910_firmwarelatitude_7290_firmwareprecision_7530chengming_3911precision_5770vostro_7620dell_precision_5820_towerinspiron_5502_firmwarexps_15_7590_firmwareinspiron_5409_firmwareinspiron_14_plus_7420_firmwareg15_5520latitude_5340_firmwarelatitude_7490optiplex_7000_toweroptiplex_7060_firmwareprecision_3240_compact_firmwarelatitude_5521_firmwareoptiplex_5000_towerinspiron_5401Dell Client Platform, Dell Dock Firmwarelatitude_7320_firmwareg15_5530_firmwaredell_g7_7700_firmwarelatitude_3340_firmwareinspiron_24_5411_all-in-one_firmwarechengming_3988_firmwarelatitude_5290_firmwarelatitude_5420_firmwarealienware_m16_r1_firmwareg3_3500_firmwareg5_5090_firmwareoptiplex_3080_firmwareinspiron_3891_firmwareinspiron_13_5320_firmwarechengming_3900_firmwareinspiron_5301_firmwarelatitude_7290_firmwareoptiplex_5090_tower_firmwarealienware_x14_r2_firmwareinspiron_3593_firmwareinspiron_3880_firmwareinspiron_15_3530_firmwareprecision_3260_xe_compact_firmwarelatitude_5320_firmwareprecision_3660_firmwareoptiplex_5400_all-in-one_firmwarechengming_3991_firmwareg5_5000_firmwarealienware_m15_r7_firmwarealienware_m15_r6_firmwarelatitude_7220_rugged_extreme_firmwarelatitude_5340_firmwareoptiplex_3000_thin_client_firmwarelatitude_3420_firmwareprecision_3650_tower_firmwarelatitude_5530_firmwarelatitude_9520_firmwareoptiplex_5490_all-in-one_firmwareprecision_3630_tower_firmwarelatitude_3300_firmwareinspiron_13_5330_firmwareinspiron_14_5410_firmwareoptiplex_3090_firmwareg15_5511_firmware
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2019-3749
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.6||MEDIUM
EPSS-0.05% / 14.97%
||
7 Day CHG~0.00%
Published-03 Dec, 2019 | 20:20
Updated-17 Sep, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\ICProgress\Dell_InventoryCollector_Progress.xml" to any targeted file. This issue occurs because permissions on the Temp directory were set incorrectly.

Action-Not Available
Vendor-Dell Inc.
Product-command_updateDell Command Update (DCU)
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-39246
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.6||MEDIUM
EPSS-0.02% / 6.36%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 08:41
Updated-02 Aug, 2024 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation

Action-Not Available
Vendor-Microsoft CorporationDell Inc.
Product-windowssecurity_management_serverencryptionendpoint_security_suite_enterpriseDell Encryption, Dell Endpoint Security Suite Enterprise, Dell Security Management Server (Windows)
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2019-3750
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.6||MEDIUM
EPSS-0.05% / 14.97%
||
7 Day CHG~0.00%
Published-03 Dec, 2019 | 20:20
Updated-16 Sep, 2024 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\IC\ICDebugLog.txt" to any targeted file. This issue occurs because of insecure handling of Temp directory permissions that were set incorrectly.

Action-Not Available
Vendor-Dell Inc.
Product-command_updateDell Command Update (DCU)
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2019-18575
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.13% / 32.24%
||
7 Day CHG~0.00%
Published-06 Dec, 2019 | 20:40
Updated-17 Sep, 2024 | 01:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a target file, allowing the attacker to overwrite or corrupt a specified file on the system.

Action-Not Available
Vendor-Dell Inc.
Product-command\|configureDell Command Configure (DCC)
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-46637
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.01% / 2.47%
||
7 Day CHG-0.00%
Published-09 Dec, 2025 | 17:31
Updated-26 Feb, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A local malicious user could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-encryptionDell Encryption
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-39578
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.15% / 34.54%
||
7 Day CHG~0.00%
Published-31 Aug, 2024 | 07:33
Updated-03 Sep, 2024 | 20:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-37143
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-10||CRITICAL
EPSS-0.92% / 76.08%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 02:25
Updated-22 Jan, 2026 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Improper Link Resolution Before File Access vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to execute arbitrary code on the system.

Action-Not Available
Vendor-Dell Inc.
Product-powerflex_managerpowerflex_rack_release_certification_matrixinsightiqdata_lakehousepowerflex_appliance_intelligent_catalogDell Data LakehouseDell PowerFlex rackDell PowerFlex applianceDell PowerFlex custom nodeDell InsightIQ
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-25953
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.10% / 26.09%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 18:27
Updated-09 Jan, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-32454
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.02% / 5.52%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 08:00
Updated-02 Aug, 2024 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service

Action-Not Available
Vendor-Dell Inc.
Product-update_package_frameworkDUP Framework
CWE ID-CWE-1386
Insecure Operation on Windows Junction / Mount Point
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-4135
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-5.2||MEDIUM
EPSS-0.01% / 2.90%
||
7 Day CHG~0.00%
Published-15 Apr, 2026 | 12:28
Updated-17 Apr, 2026 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file write with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Software Fix
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-28684
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.01% / 1.23%
||
7 Day CHG~0.00%
Published-20 Apr, 2026 | 16:25
Updated-27 Apr, 2026 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback

python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, `set_key()` and `unset_key()` in python-dotenv follow symbolic links when rewriting `.env` files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a cross-device rename fallback is triggered. Users should upgrade to v.1.2.2 or, as a workaround, apply the patch manually.

Action-Not Available
Vendor-saurabh-kumartheskumar
Product-python-dotenvpython-dotenv
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CVE-2025-15324
Matching Score-4
Assigner-3938794e-25f5-4123-a1ba-5cbd7f104512
ShareView Details
Matching Score-4
Assigner-3938794e-25f5-4123-a1ba-5cbd7f104512
CVSS Score-6.6||MEDIUM
EPSS-0.01% / 0.58%
||
7 Day CHG~0.00%
Published-05 Feb, 2026 | 18:25
Updated-10 Feb, 2026 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tanium addressed a local privilege escalation vulnerability in Engage.

Tanium addressed a documentation issue in Engage.

Action-Not Available
Vendor-taniumTanium
Product-engageEngage
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
Details not found