Repository Manager
CVE-2026-21420
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Dell Repository Manager (DRM), versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution and escalation of privileges.
AnalysisAI
Dell Repository Manager versions before 3.4.8 suffer from an uncontrolled search path vulnerability that allows local attackers with low privileges to execute arbitrary code and escalate their access. An attacker with local system access and user interaction can exploit improper path handling to inject malicious code into the application's execution flow. A patch is available to remediate this HIGH severity issue affecting the repository management functionality.
Technical ContextAI
Classified as CWE-427 (Uncontrolled Search Path Element). Affects Repository Manager. Dell Repository Manager (DRM), versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution and escalation of privileges.
RemediationAI
A vendor patch is available — apply it immediately.
More in Repository Manager
View allDell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. Rated high seve
Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module.
Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module.
Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path Traversal vulnerability in logger module. Rated me
Dell Repository Manager (DRM), versions 3.4.7 and 3.4.8, contains an Improper Handling of Insufficient Permissions or Pr
Same weakness CWE-427 – Uncontrolled Search Path Element
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today