Skip to main content

Dell Client BIOS CVE-2026-35159

| EUVDEUVD-2026-41525 MEDIUM
Authentication Bypass by Primary Weakness (CWE-305)
2026-07-03 dell GHSA-665g-qf3w-4vf7
Authentication Bypass Dell Information Disclosure Inspiron 15 3520 G15 5530 Alienware 16 Area 51 Aa16250 Alienware 16 Aurora Ac16250 Alienware 16X Aurora Ac16251 Alienware 18 Area 51 Aa18250 Alienware Area 51 Aat2250 Alienware Aurora Act1250 Alienware M15 R6 Alienware M15 R7 Alienware M16 R1 Alienware M16 R2 Alienware M18 R1 Alienware M18 R2 Alienware X14 R2 Alienware X16 R1 Alienware X16 R2 Chengming 3900 Chengming 3910 3911 Dell 14 Dc14250 14 Plus 2 In 1 Db04250 14 Plus Db14250 15 Dc15250 16 Plus 2 In 1 Db06250 16 Plus Db16250 24 All In One Ec24250 27 All In One Ec27250 G15 5510 G15 5511 G15 5520 G16 7620 G16 7630 Pro 13 Plus Pb13250 Pro 13 Plus Pb13255 Pro 13 Premium Pa13250 Pro 14 Essential Pv14250 Pro 14 Pc14250 Pro 14 Plus Pb14250 Pro 14 Plus Pb14255 Pro 14 Premium Pa14250 Pro 16 Pc16250 Pro 16 Plus Pb16250 Pro 16 Plus Pb16255 Pro 24 All In One Plus Qb24250 Pro 24 All In One Qc24250 Pro 24 All In One Qc24251 Pro Laptop Pc14250 Pro Laptop Pc16250 Pro Max 14 Mc14250 Pro Max 14 Mc14255 Pro Max 16 Mc16250 Pro Max 16 Mc16255 Pro Max Micro Fcm2250 Pro Max Slim Fcs1250 Pro Max Tower T2 Fct2250 Pro Micro Qcm1255 Pro Micro Plus Qbm1250 Pro Micro Qcm1250 Pro Micro Micro Plus Qcm1250 Qbm1250 Pro Precision 7 T1 Pro Rugged 10 Tablets Pro Rugged 12 Tablet Pro Rugged 13 Ra13250 Pro Rugged 14 Rb14250 Pro Slim Qcs1255 Pro Slim Essential Qvs1260 Pro Slim Plus Qbs1250 Pro Slim Qcs1250 Pro Tower Qct1255 Pro Tower Essential Qvt1260 Pro Tower Plus Qbt1250 Pro Tower Qct1250 Slim Ecs1250 Tower Ect1250 Inspiron 13 5330 Inspiron 14 5420 Inspiron 14 5430 Inspiron 14 5440 Inspiron 14 7430 2 In 1 Inspiron 14 7440 2 In 1 Inspiron 14 Plus 7420 Inspiron 14 Plus 7430 Inspiron 14 Plus 7440 Inspiron 15 3511 Inspiron 15 3530 Inspiron 16 5620 Inspiron 16 5630 Inspiron 16 5640 Inspiron 16 7630 2 In 1 Inspiron 16 7640 2 In 1 Inspiron 16 Plus 7620 Inspiron 16 Plus 7630 Inspiron 16 Plus 7640 Inspiron 24 5420 All In One Inspiron 24 5430 All In One Inspiron 27 7720 All In One Inspiron 27 7730 All In One Inspiron 3020 Desktop Inspiron 3020 S Inspiron 3030 Inspiron 3030S Inspiron 5410 All In One Inspiron 7710 All In One Latitude 3320 Latitude 3340 Latitude 5320 Latitude 5330 Latitude 5340 Latitude 5350 Latitude 5421 Latitude 5430 Latitude 5430 Rugged Laptop Latitude 5431 Latitude 5440 Latitude 5450 Latitude 5520 Latitude 5521 Latitude 5530 Latitude 5531 Latitude 5540 Latitude 5550 Latitude 7030 Rugged Extreme Latitude 7230 Rugged Extreme Latitude 7320 Latitude 7320 Detachable Latitude 7330 Latitude 7330 Rugged Laptop Latitude 7340 Latitude 7350 Latitude 7420 Latitude 7430 Latitude 7440 Latitude 7450 Latitude 7520 Latitude 7530 Latitude 7640 Latitude 7650 Latitude 9330 Latitude 9420 Latitude 9430 Latitude 9440 2 In 1 Latitude 9450 Latitude 9520 Optiplex 3000 Micro Optiplex 3000 Small Form Factor Optiplex 3000 Tower Optiplex 3000 Thin Client Optiplex 3090 Ultra Optiplex 5000 Micro Optiplex 5000 Small Form Factor Optiplex 5000 Tower Optiplex 5090 Micro Optiplex 5090 Small Form Factor Optiplex 5090 Tower Optiplex 5400 All In One Optiplex 5490 Aio Optiplex 7000 Micro Optiplex 7000 Small Form Factor Optiplex 7000 Tower Optiplex 7000 Xe Micro Optiplex 7000 Oem Mt Optiplex 7090 Tower Optiplex 7090 Ultra Optiplex 7400 All In One Optiplex 7490 Aio Optiplex Aio 7420 Optiplex All In One 7410 Optiplex Micro 7010 Optiplex Micro Plus 7010 Optiplex Micro 7020 Optiplex Sff 7020 Optiplex Small Form Factor 7010 Optiplex Small Form Factor Plus 7010 Optiplex Tower 7010 Optiplex Tower Plus 7010 Optiplex Tower 7020 Optiplex Xe4 Sff Pc14255 Pc16255 Precision 3260 Xe Compact Precision 3260 Compact Precision 3280 Cff Precision 3450 Precision 3460 Xe Small Form Factor Precision 3460 Small Form Factor Precision 3470 Precision 3480 Precision 3490 Precision 3560 Precision 3561 Precision 3570 Precision 3571 Precision 3580 Precision 3581 Precision 3590 Precision 3591
5.3
CVSS 3.1 · Vendor: dell
Share

Severity by source

Vendor (dell) PRIMARY
5.3 MEDIUM
AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
vuln.today AI
5.3 MEDIUM

Physical access (AV:P) and high complexity (AC:H) confirmed by description; PR:N because bypass defeats authentication itself; I:H reflects BIOS control modification risk beyond mere disclosure.

3.1 AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
4.0 AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (dell).

CVSS VectorVendor: dell

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
Attack Vector
Physical
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
Low

Lifecycle Timeline

3
Patch available
Jul 03, 2026 - 10:01 EUVD
Analysis Generated
Jul 03, 2026 - 09:17 vuln.today
CVE Published
Jul 03, 2026 - 08:08 cve.org
MEDIUM 5.3

DescriptionCVE.org

Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.

AnalysisAI

Physical-access authentication bypass in Dell Client Platform BIOS (CWE-305) affects a sweeping range of Dell consumer, gaming, and enterprise platforms - including Inspiron, Alienware, Latitude, OptiPlex, and Precision lines. An unauthenticated attacker with physical access and the ability to meet high-complexity attack conditions can bypass the primary BIOS authentication mechanism, resulting in information disclosure and, per the CVSS integrity metric (I:H), potential high-integrity impact. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain physical access to target Dell device
Delivery
Enter BIOS pre-boot environment
Exploit
Trigger authentication bypass via primary weakness
Execution
Access BIOS configuration without credentials
Impact
Read sensitive BIOS settings or modify integrity-affecting controls

Vulnerability AssessmentAI

Exploitation Physical presence at the affected Dell device is the mandatory prerequisite - the CVSS vector AV:P explicitly requires physical access, and remote exploitation is impossible. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Real-world risk is substantially mitigated by the physical access requirement (AV:P) and high attack complexity (AC:H), placing this firmly in the category of local/physical adversary scenarios. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker gains unsupervised physical access to an affected Dell laptop or desktop - for example, in a hotel room, shared office, or during device transit - and interacts directly with the BIOS interface using a technique that exploits the primary authentication weakness (CWE-305) to bypass the BIOS supervisor or user password. With high attack complexity acknowledged (AC:H), the attacker likely requires specific knowledge of the bypass method, such as a particular keystroke sequence, hardware interaction, or firmware state manipulation. …
Remediation The primary remediation is to apply updated BIOS firmware as released by Dell and detailed in advisory DSA-2026-195 at https://www.dell.com/support/kbdoc/en-us/000452197/dsa-2026-195. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-35159 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy