Skip to main content

Dell Device Management Agent CVE-2026-41121

| EUVDEUVD-2026-41117 HIGH
Improper Link Resolution Before File Access (CWE-59)
2026-07-01 dell GHSA-wwmx-3p39-rx9c
7.8
CVSS 3.1 · NVD
Share

Severity by source

Vendor (dell) PRIMARY
HIGH
qualitative
NVD
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.8 HIGH

Local link-following LPE needing an existing low-priv session (AV:L, PR:L), no user interaction and low complexity, yielding total host compromise (C:H/I:H/A:H).

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (dell).

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

8
Analysis Updated
Jul 06, 2026 - 21:38 vuln.today
v5 (cvss_changed)
Analysis Updated
Jul 06, 2026 - 21:37 vuln.today
v4 (cvss_changed)
Analysis Updated
Jul 06, 2026 - 21:36 vuln.today
v3 (cvss_changed)
Analysis Updated
Jul 06, 2026 - 21:35 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 06, 2026 - 20:52 vuln.today
cvss_changed
CVSS changed
Jul 06, 2026 - 20:52 NVD
7.3 (HIGH) 7.8 (HIGH)
Patch available
Jul 01, 2026 - 20:02 EUVD
Analysis Generated
Jul 01, 2026 - 19:33 vuln.today

DescriptionNVD

Dell Device Management Agent, versions prior to DDMA 26.05, contain an Improper Link Resolution Before File Access ('Link Following’) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

AnalysisAI

Local privilege escalation in Dell Device Management Agent (DDMA) versions prior to 26.05 allows an already-authenticated, low-privileged user on the host to elevate to full system-level control by abusing insecure symbolic/hard link resolution (CWE-59) during file operations. Dell has released a fix in DDMA 26.05. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privileged local session
Delivery
Plant malicious symlink/junction in agent path
Exploit
Privileged agent follows link during file op
Execution
Redirect write to sensitive target
Impact
Gain SYSTEM/root-level control

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to already have a low-privileged local (interactive or code-execution) session on a host running Dell Device Management Agent below version 26.05 (CVSS PR:L, AV:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment This is a credible but locally-scoped priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who already holds a low-privileged local account on a Dell-managed endpoint (for example via phishing-delivered malware or a compromised standard user) plants a symbolic link or junction in a directory the DDMA agent operates on, so that a routine privileged file operation by the agent follows the link to a sensitive target. When the SYSTEM/root-level agent performs the operation, it overwrites or acts on the attacker-chosen file, granting the attacker code execution or file control at system privilege. …
Remediation Vendor-released patch: DDMA 26.05 - upgrade Dell Device Management Agent to version 26.05 or later on all managed endpoints per Dell advisory DSA-2026-258 (https://www.dell.com/support/kbdoc/en-us/000473690/dsa-2026-258), which is the primary and recommended fix. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all systems running DDMA versions prior to 26.05 using endpoint management tools. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-41121 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy