Skip to main content

Dell Inventory Collector Client CVE-2026-41116

| EUVDEUVD-2026-35766 MEDIUM
Insecure Operation on Windows Junction / Mount Point (CWE-1386)
2026-06-09 dell GHSA-768m-67qh-jmhr
6.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.3 MEDIUM
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jun 09, 2026 - 19:58 vuln.today
Patch available
Jun 09, 2026 - 19:03 EUVD

DescriptionCVE.org

Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write.

AnalysisAI

Arbitrary file write in Dell Inventory Collector Client versions prior to 13.8.0 allows a low-privileged local attacker to overwrite files outside the intended write path by exploiting improper symbolic or hard link resolution. The vulnerability (CWE-1386) arises when the client resolves a link to an unintended target before performing a file access operation, enabling an attacker to redirect writes to attacker-controlled locations. No public exploit has been identified at time of analysis and CISA KEV confirmation is absent, but the high integrity and availability impact (CVSS I:H/A:H) means successful exploitation could corrupt system files or cause denial of service.

Technical ContextAI

Dell Inventory Collector Client is a software agent used for hardware and software inventory collection in Dell ecosystem environments. The root cause is CWE-1386 (Symbolic Name not Mapping to Correct Object), a class of vulnerability where the application resolves a symbolic or hard link at file-access time without verifying that the resolved target is the intended resource. This is a class of TOCTOU (Time-of-Check Time-of-Use) adjacent flaw: the application checks a path or name, then accesses the resolved target, allowing an attacker who can manipulate the filesystem between those two moments to redirect a privileged write operation. The CVSS vector AV:L/AC:H/PR:L indicates the attack requires local presence and low OS-level privileges, but the high complexity (AC:H) reflects timing or race condition requirements typical of link-following exploits. Affected scope per CPE: cpe:2.3:a:dell:inventory_collector_client:*:*:*:*:*:*:*:* covering all versions below 13.8.0.

RemediationAI

The primary remediation is to upgrade Dell Inventory Collector Client to version 13.8.0 or later, which resolves the improper link resolution flaw per Dell security advisory DSA-2026-215 (https://www.dell.com/support/kbdoc/en-us/000463760/dsa-2026-215). If immediate patching is not possible, compensating controls should focus on restricting local user access to directories where the Inventory Collector Client performs file write operations - for example, applying strict ACLs to prevent low-privileged users from creating symlinks or hard links in those paths. On Windows, enabling the 'Create symbolic links' privilege restriction (SeCreateSymbolicLinkPrivilege) to only administrative accounts limits exploitation surface, though this may affect other applications relying on symlinks. On Linux, setting the fs.protected_symlinks and fs.protected_hardlinks kernel parameters to 1 mitigates the broad class of link-following attacks but does not eliminate the risk entirely. These workarounds reduce attack surface but do not patch the root cause; upgrading to 13.8.0 remains the definitive fix.

Share

CVE-2026-41116 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy