CVE-2026-23856
HIGHCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2Description
Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Analysis
Privilege escalation in Dell iDRAC Service Module (Windows versions before 6.0.3.1 and Linux versions before 5.4.1.1) stems from improper access controls that allow local users with low privileges to gain elevated system access. An attacker with local access can exploit this vulnerability to obtain administrative capabilities on affected systems. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all systems running iDRAC iSM for Windows (pre-6.0.3.1) and Linux (pre-5.4.1.1); restrict network access to iDRAC interfaces to authorized administrators only. Within 7 days: Isolate affected systems on separate network segments if feasible; implement enhanced monitoring and logging on iDRAC access; contact Dell support for patch availability and timeline. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today