Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Local link-following LPE needing an existing low-priv session (AV:L, PR:L), no user interaction and low complexity, yielding total host compromise (C:H/I:H/A:H).
Primary rating from Vendor (dell).
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
8DescriptionNVD
Dell Device Management Agent, versions prior to DDMA 26.05, contain an Improper Link Resolution Before File Access ('Link Following’) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
AnalysisAI
Local privilege escalation in Dell Device Management Agent (DDMA) versions prior to 26.05 allows an already-authenticated, low-privileged user on the host to elevate to full system-level control by abusing insecure symbolic/hard link resolution (CWE-59) during file operations. Dell has released a fix in DDMA 26.05. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to already have a low-privileged local (interactive or code-execution) session on a host running Dell Device Management Agent below version 26.05 (CVSS PR:L, AV:L). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | This is a credible but locally-scoped priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who already holds a low-privileged local account on a Dell-managed endpoint (for example via phishing-delivered malware or a compromised standard user) plants a symbolic link or junction in a directory the DDMA agent operates on, so that a routine privileged file operation by the agent follows the link to a sensitive target. When the SYSTEM/root-level agent performs the operation, it overwrites or acts on the attacker-chosen file, granting the attacker code execution or file control at system privilege. … |
| Remediation | Vendor-released patch: DDMA 26.05 - upgrade Dell Device Management Agent to version 26.05 or later on all managed endpoints per Dell advisory DSA-2026-258 (https://www.dell.com/support/kbdoc/en-us/000473690/dsa-2026-258), which is the primary and recommended fix. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all systems running DDMA versions prior to 26.05 using endpoint management tools. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Device Management Agent
View allDell Device Management Agent versions before 26.02 suffer from an authorization bypass that allows local attackers with
Dell Device Management Agent versions before 26.02 store passwords in plaintext, allowing high-privileged local attacker
Device Management Agent versions up to 26.02 is affected by improper check for unusual or exceptional conditions (CVSS 3
Same weakness CWE-59 – Improper Link Resolution Before File Access
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41117
GHSA-wwmx-3p39-rx9c