CVE-2026-26948
Received
Received - Intake
Information Disclosure in Dell iDRAC 9, 14G-16G via Debug Data Exposure
Vulnerability report for CVE-2026-26948, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-03-18
Last updated on: 2026-03-18
Assigner: Dell
Description
Description
Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.174, 15G and 16G versions prior to 7.10.90.00, contain an Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | integrated_dell_remote_access_controller | to 7.00.00.174 (exc) |
| dell | integrated_dell_remote_access_controller | to 7.10.90.00 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1258 | The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered. |