Device Management Agent
CVE-2026-22285
MEDIUM
Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Dell Device Management Agent (DDMA), versions prior to 26.02, contain a Plaintext Storage of Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized Access.
AnalysisAI
Dell Device Management Agent versions before 26.02 store passwords in plaintext, allowing high-privileged local attackers to gain unauthorized access to sensitive systems. The vulnerability requires administrative-level access and local presence but poses a confidentiality risk to affected deployments. No patch is currently available.
Technical ContextAI
Affects Device Management Agent. Dell Device Management Agent (DDMA), versions prior to 26.02, contain a Plaintext Storage of Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized Access.
RemediationAI
Monitor vendor advisories for a patch.
More in Device Management Agent
View allLocal privilege escalation in Dell Device Management Agent (DDMA) versions prior to 26.05 allows an already-authenticate
Dell Device Management Agent versions before 26.02 suffer from an authorization bypass that allows local attackers with
Device Management Agent versions up to 26.02 is affected by improper check for unusual or exceptional conditions (CVSS 3
Same weakness CWE-256 – Plaintext Storage of a Password
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today