Skip to main content

Integrated Dell Remote Access Controller CVE-2026-26948

| EUVDEUVD-2026-12917 MEDIUM
Exposure of Sensitive System Information Due to Uncleared Debug Information (CWE-1258)
2026-03-18 dell
4.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.9 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
7.00.00.174,7.10.90.00
EUVD ID Assigned
Mar 18, 2026 - 18:00 euvd
EUVD-2026-12917
Analysis Generated
Mar 18, 2026 - 18:00 vuln.today
CVE Published
Mar 18, 2026 - 17:40 nvd
MEDIUM 4.9

DescriptionCVE.org

Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.174, 15G and 16G versions prior to 7.10.90.00, contain an Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.

AnalysisAI

Dell Integrated Dell Remote Access Controller (iDRAC) versions 9, 14G (prior to 7.00.00.174), 15G, and 16G (prior to 7.10.90.00) contain an exposure of sensitive system information vulnerability caused by uncleared debug information in memory or logs. A remote attacker with high privileges can exploit this to disclose confidential system details without modifying or disrupting service availability. While the CVSS score is moderate at 4.9 due to high privilege requirements, the confidentiality impact is rated high, making this relevant for organizations where insider threats or compromised administrator accounts are a concern.

Technical ContextAI

This vulnerability (CWE-1258: Exposure of Sensitive System Information to an Unauthorized Control Sphere) occurs in Dell's iDRAC firmware, which is a baseboard management controller providing remote out-of-band management capabilities for Dell PowerEdge servers. The root cause is uncleared debug information—likely verbose logging, memory dumps, or diagnostic artifacts—left accessible within the iDRAC interface or firmware. The affected CPE cpe:2.3:a:dell:integrated_dell_remote_access_controller:*:*:*:*:*:*:*:* encompasses all iDRAC product lines at vulnerable versions. iDRAC operates at firmware level with administrative access, making debug data exposure particularly sensitive as it may contain credentials, encryption keys, or system architecture details used for server provisioning and management.

RemediationAI

Update Dell iDRAC firmware to version 7.00.00.174 or later for 9 and 14G models, or to version 7.10.90.00 or later for 15G and 16G models. Firmware updates are available through Dell Support at https://www.dell.com/support/kbdoc/en-us/000434533/dsa-2026-113-security-update-for-dell-idrac9-and-idrac10-vulnerabilities. Prioritize patching iDRAC instances in high-security environments. As interim mitigations, restrict network access to iDRAC interfaces to trusted administrative networks and VPNs, limit iDRAC user accounts to minimum necessary privileges, and disable remote access if not operationally required. Audit iDRAC access logs for any suspicious queries by privileged accounts and review recent credential access history to detect potential misuse prior to patching.

Share

CVE-2026-26948 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy