Skip to main content

Integrated Dell Remote Access Controller CVE-2026-26945

| EUVDEUVD-2026-12915 MEDIUM
Process Control (CWE-114)
2026-03-18 dell
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
Low

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
7.00.00.181,1.20.25.00,7.20.10.50
EUVD ID Assigned
Mar 18, 2026 - 18:00 euvd
EUVD-2026-12915
Analysis Generated
Mar 18, 2026 - 18:00 vuln.today
CVE Published
Mar 18, 2026 - 17:27 nvd
MEDIUM 5.3

DescriptionCVE.org

Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions prior to 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain a Process Control vulnerability. A high privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to code execution.

AnalysisAI

A Process Control vulnerability (CWE-114) exists in Dell Integrated Dell Remote Access Controller (iDRAC) across multiple generations that allows a high-privileged attacker with adjacent network access to achieve code execution. Affected versions include iDRAC 9 (14G prior to 7.00.00.181, 15G and 16G prior to 7.20.10.50) and iDRAC 10 (17G prior to 1.20.25.00). While the CVSS score of 5.3 is moderate, the integrity impact is rated high and remote code execution capability presents significant risk to out-of-band management infrastructure.

Technical ContextAI

Dell Integrated Dell Remote Access Controller (iDRAC) is a baseboard management controller that provides out-of-band remote management capabilities for Dell PowerEdge servers. The vulnerability stems from improper process control mechanisms (CWE-114), which typically involves inadequate validation or enforcement of process execution boundaries, allowing attackers to manipulate process behavior or inject code into running processes. Affected products are identified via CPE cpe:2.3:a:dell:integrated_dell_remote_access_controller:*:*:*:*:*:*:*:* and span multiple hardware generations (14G, 15G, 16G for iDRAC 9 and 17G for iDRAC 10). The vulnerability requires adjacent network access, meaning the attacker must be on the same network segment as the iDRAC management interface, and high privilege level (PR:H), indicating the attacker must already possess significant access to the iDRAC system.

RemediationAI

Apply the security update immediately: upgrade iDRAC 9 on 14G systems to version 7.00.00.181 or later, upgrade iDRAC 9 on 15G and 16G systems to version 7.20.10.50 or later, and upgrade iDRAC 10 on 17G systems to version 1.20.25.00 or later via the Dell support advisory at https://www.dell.com/support/kbdoc/en-us/000434533/dsa-2026-113-security-update-for-dell-idrac9-and-idrac10-vulnerabilities. As interim controls pending patching, restrict network access to iDRAC management interfaces to authorized administrative networks only, implement network segmentation to isolate iDRAC traffic on a dedicated out-of-band management VLAN, enforce strong authentication and credential management on iDRAC accounts, and disable unnecessary iDRAC services and protocols. Monitor iDRAC logs for suspicious process execution or authentication anomalies.

Share

CVE-2026-26945 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy