Severity by source
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write.
AnalysisAI
Arbitrary file write in Dell Inventory Collector Client versions prior to 13.8.0 allows a low-privileged local attacker to overwrite files outside the intended write path by exploiting improper symbolic or hard link resolution. The vulnerability (CWE-1386) arises when the client resolves a link to an unintended target before performing a file access operation, enabling an attacker to redirect writes to attacker-controlled locations. No public exploit has been identified at time of analysis and CISA KEV confirmation is absent, but the high integrity and availability impact (CVSS I:H/A:H) means successful exploitation could corrupt system files or cause denial of service.
Technical ContextAI
Dell Inventory Collector Client is a software agent used for hardware and software inventory collection in Dell ecosystem environments. The root cause is CWE-1386 (Symbolic Name not Mapping to Correct Object), a class of vulnerability where the application resolves a symbolic or hard link at file-access time without verifying that the resolved target is the intended resource. This is a class of TOCTOU (Time-of-Check Time-of-Use) adjacent flaw: the application checks a path or name, then accesses the resolved target, allowing an attacker who can manipulate the filesystem between those two moments to redirect a privileged write operation. The CVSS vector AV:L/AC:H/PR:L indicates the attack requires local presence and low OS-level privileges, but the high complexity (AC:H) reflects timing or race condition requirements typical of link-following exploits. Affected scope per CPE: cpe:2.3:a:dell:inventory_collector_client:*:*:*:*:*:*:*:* covering all versions below 13.8.0.
RemediationAI
The primary remediation is to upgrade Dell Inventory Collector Client to version 13.8.0 or later, which resolves the improper link resolution flaw per Dell security advisory DSA-2026-215 (https://www.dell.com/support/kbdoc/en-us/000463760/dsa-2026-215). If immediate patching is not possible, compensating controls should focus on restricting local user access to directories where the Inventory Collector Client performs file write operations - for example, applying strict ACLs to prevent low-privileged users from creating symlinks or hard links in those paths. On Windows, enabling the 'Create symbolic links' privilege restriction (SeCreateSymbolicLinkPrivilege) to only administrative accounts limits exploitation surface, though this may affect other applications relying on symlinks. On Linux, setting the fs.protected_symlinks and fs.protected_hardlinks kernel parameters to 1 mitigates the broad class of link-following attacks but does not eliminate the risk entirely. These workarounds reduce attack surface but do not patch the root cause; upgrading to 13.8.0 remains the definitive fix.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35766
GHSA-768m-67qh-jmhr