Severity by source
AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
Physical access (AV:P) and high complexity (AC:H) confirmed by description; PR:N because bypass defeats authentication itself; I:H reflects BIOS control modification risk beyond mere disclosure.
Primary rating from Vendor (dell).
CVSS VectorVendor: dell
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
Lifecycle Timeline
3DescriptionCVE.org
Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.
AnalysisAI
Physical-access authentication bypass in Dell Client Platform BIOS (CWE-305) affects a sweeping range of Dell consumer, gaming, and enterprise platforms - including Inspiron, Alienware, Latitude, OptiPlex, and Precision lines. An unauthenticated attacker with physical access and the ability to meet high-complexity attack conditions can bypass the primary BIOS authentication mechanism, resulting in information disclosure and, per the CVSS integrity metric (I:H), potential high-integrity impact. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Physical presence at the affected Dell device is the mandatory prerequisite - the CVSS vector AV:P explicitly requires physical access, and remote exploitation is impossible. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Real-world risk is substantially mitigated by the physical access requirement (AV:P) and high attack complexity (AC:H), placing this firmly in the category of local/physical adversary scenarios. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker gains unsupervised physical access to an affected Dell laptop or desktop - for example, in a hotel room, shared office, or during device transit - and interacts directly with the BIOS interface using a technique that exploits the primary authentication weakness (CWE-305) to bypass the BIOS supervisor or user password. With high attack complexity acknowledged (AC:H), the attacker likely requires specific knowledge of the bypass method, such as a particular keystroke sequence, hardware interaction, or firmware state manipulation. … |
| Remediation | The primary remediation is to apply updated BIOS firmware as released by Dell and detailed in advisory DSA-2026-195 at https://www.dell.com/support/kbdoc/en-us/000452197/dsa-2026-195. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-305 – Authentication Bypass by Primary Weakness
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41525
GHSA-665g-qf3w-4vf7