Device Management Agent
CVE-2026-26949
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Incorrect Authorization vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
AnalysisAI
Dell Device Management Agent versions before 26.02 suffer from an authorization bypass that allows local attackers with low privileges to escalate their access on affected systems. The vulnerability stems from improper privilege validation and requires only local access with no user interaction to exploit. No patch is currently available for this issue.
Technical ContextAI
Classified as CWE-863 (Incorrect Authorization). Affects Device Management Agent. Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Incorrect Authorization vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
RemediationAI
Monitor vendor advisories for a patch.
More in Device Management Agent
View allLocal privilege escalation in Dell Device Management Agent (DDMA) versions prior to 26.05 allows an already-authenticate
Dell Device Management Agent versions before 26.02 store passwords in plaintext, allowing high-privileged local attacker
Device Management Agent versions up to 26.02 is affected by improper check for unusual or exceptional conditions (CVSS 3
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today