CVE-2026-40713
Improper Access Control in Dell ThinOS 10
Publication date: 2026-06-02
Last updated on: 2026-06-04
Assigner: Dell
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | thinos | before 2602_10.0765 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in Dell ThinOS 10 allows an unauthenticated attacker with physical access to potentially expose information due to improper access control.
Such information exposure could lead to non-compliance with data protection standards and regulations like GDPR and HIPAA, which require safeguarding sensitive data against unauthorized access.
However, specific impacts on compliance are not detailed in the provided information.
Can you explain this vulnerability to me?
This vulnerability exists in Dell ThinOS 10 versions prior to ThinOS10 2602_10.0765 and is an Improper Access Control issue. It allows an unauthenticated attacker who has physical access to the device to potentially exploit the system, which can lead to information exposure.
How can this vulnerability impact me?
If exploited, this vulnerability can lead to the exposure of sensitive information because an attacker with physical access can bypass access controls without authentication.