CVE-2026-26033
Unquoted Search Path in MUMC Allows SYSTEM Code Execution
Publication date: 2026-03-05
Last updated on: 2026-03-09
Assigner: JPCERT/CC
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | ups_multi-ups_management_console | 01.06.0001_(a03) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-26033 is a vulnerability in the Dell UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03). It involves an unquoted search path or element (CWE-428) that allows a user with write access to a directory on the system drive to execute arbitrary code with SYSTEM privileges. This means that if an attacker can write files to certain directories, they can run malicious code with the highest system-level permissions.
How can this vulnerability impact me?
This vulnerability can have a critical impact because it allows privilege escalation to SYSTEM level through arbitrary code execution. An attacker who exploits this flaw can gain full control over the affected system, potentially leading to unauthorized access, data theft, system manipulation, or disruption of services.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability exists in Dell UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03). Detection involves identifying if this specific version is installed on your system.
Since the vulnerability is related to unquoted search paths and incorrect default permissions allowing arbitrary code execution with SYSTEM privileges, you can check for the presence of the vulnerable software and inspect directory permissions.
- Check installed software version: Use commands like `wmic product get name,version` on Windows or check installed programs via Control Panel or equivalent.
- Locate the installation directory of UPS Multi-UPS Management Console and check for unquoted paths in environment variables or service paths.
- Use PowerShell or command prompt to check directory permissions, for example: `icacls "C:\Path\To\MUMC"` to verify if non-administrative users have write access.
No specific detection commands are provided in the available resources. [1]
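
The service-path and permission checks described above can be combined into one audit. The following is an added example, not code from the advisory or from Dell: it lists Windows services whose image path is unquoted and contains a space, then prints the ACL of each directory along that path for review. It assumes an elevated PowerShell prompt; the function name `Get-UnquotedExePath` is hypothetical, and no MUMC service name or install path is assumed because the page gives none.

```powershell
# Added example, not vendor code: audit services for unquoted image paths (CWE-428).

function Get-UnquotedExePath {
    # Returns the executable path if it is unquoted and contains whitespace, else $null.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim()
    if ($p.StartsWith('"')) { return $null }            # quoted: not affected
    # Executable portion = shortest prefix ending in ".exe" followed by a space or end of string.
    $m = [regex]::Match($p, '^(.*?\.exe)(\s|$)', 'IgnoreCase')
    if ($m.Success -and $m.Groups[1].Value.Contains(' ')) { return $m.Groups[1].Value }
    return $null
}

# Collect every service whose PathName is unquoted and has a space in the executable path.
$findings = foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    $exe = Get-UnquotedExePath $svc.PathName
    if ($exe) {
        [pscustomobject]@{
            Name = $svc.Name; DisplayName = $svc.DisplayName
            RunsAs = $svc.StartName; StartMode = $svc.StartMode
            PathName = $svc.PathName; ExePath = $exe
        }
    }
}

$findings | Format-List Name, DisplayName, RunsAs, StartMode, PathName

# For each finding, print the ACL of every directory on the path so write access
# granted to non-administrative principals can be reviewed.
foreach ($f in $findings) {
    $dir = Split-Path -Path $f.ExePath -Parent
    while ($dir) {
        Write-Output "--- $($f.Name): $dir"
        icacls $dir
        $dir = Split-Path -Path $dir -Parent
    }
}
```
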
What immediate steps should I take to mitigate this vulnerability?
The affected product, Dell UPS Multi-UPS Management Console version 01.06.0001 (A03), is no longer supported.
Immediate mitigation steps include stopping the use of the vulnerable software to prevent exploitation.
Dell has released version 3.0 of the UPS ULNM and MUMC Management Software as a vendor response, so upgrading to this newer version is strongly recommended.
Additionally, review and restrict directory permissions to ensure that unprivileged users do not have write access to directories on the system drive where the software is installed.