CVE-2026-23857

HIGH
2026-02-12 [email protected]
8.2
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:02 vuln.today
CVE Published
Feb 12, 2026 - 03:15 nvd
HIGH 8.2

Tags

Information Disclosure Dell Update Package Framework

Description

Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Analysis

Dell Update Package Framework versions 23.12.00 through 24.12.00 suffers from improper privilege handling that allows local attackers with low-level user accounts to escalate their privileges on affected systems. An attacker with interactive access could exploit this vulnerability to gain elevated permissions, potentially compromising system integrity and confidentiality. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Inventory all systems running DUP Framework versions 23.12.00-24.12.00 and restrict local user account access to affected systems. Within 7 days: Implement network segmentation to isolate affected Dell systems and disable DUP auto-update features where operationally feasible. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

41
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +41
POC: 0

Share

CVE-2026-23857 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy