CVE-2026-26948
Information Disclosure in Dell iDRAC 9, 14G-16G via Debug Data Exposure
Publication date: 2026-03-18
Last updated on: 2026-03-18
Assigner: Dell
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | integrated_dell_remote_access_controller | to 7.00.00.174 (exc) |
| dell | integrated_dell_remote_access_controller | to 7.10.90.00 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1258 | The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Dell Integrated Dell Remote Access Controller (iDRAC) versions prior to 7.00.00.174 for 14G, and prior to 7.10.90.00 for 15G and 16G. It involves the exposure of sensitive system information due to uncleared debug information. A highly privileged attacker with remote access could exploit this flaw to disclose sensitive information.
How can this vulnerability impact me? :
The impact of this vulnerability is information disclosure. Specifically, a high privileged attacker with remote access could exploit the uncleared debug information to gain access to sensitive system information. This could potentially aid in further attacks or unauthorized access.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know