CVE-2026-23857
Improper Permissions Vulnerability in Dell DUP Enables Privilege Escalation
Publication date: 2026-02-12
Last updated on: 2026-02-18
Assigner: Dell
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | update_package_framework | From 23.12.00 (inc) to 25.02.00 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-280 | The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the Dell Update Package (DUP) Framework versions 23.12.00 through 24.12.00. It involves improper handling of insufficient permissions or privileges. This means that a low privileged attacker who has local access to the system could exploit this flaw to elevate their privileges.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow a low privileged local attacker to gain higher privileges on the affected system. This elevation of privileges can lead to unauthorized access to sensitive information, modification of system settings, or execution of malicious code with elevated rights.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know