Severity by source
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write
AnalysisAI
Arbitrary file write in Dell/Alienware Purchased Apps versions prior to 1.1.32.0 is achievable by a low-privileged local attacker through a link-following (CWE-59) flaw, enabling overwrite of files at elevated privilege levels and resulting in high integrity and availability impact. The CVSS vector (AV:L/AC:H/PR:L) confirms local access with high attack complexity is required, suggesting exploitation likely involves a race condition or carefully staged symlink placement. No active exploitation is confirmed (not in CISA KEV), and a vendor-released patch is available at version 1.1.32.0.
Technical ContextAI
CWE-59 (Improper Link Resolution Before File Access, 'Link Following') describes a class of vulnerabilities where an application resolves a symbolic or hard link to a file path without adequate validation, allowing an attacker to redirect file operations to unintended targets. In this case, Dell/Alienware Purchased Apps - identified via CPE cpe:2.3:a:dell:dell/alienware_purchased_apps:*:*:*:*:*:*:*:* - performs file creation or modification operations using a path that a low-privileged user can influence by pre-placing a symlink. The CVSS confidentiality impact of C:N indicates no sensitive data is read during exploitation, but the high integrity (I:H) and availability (A:H) scores confirm that attacker-controlled content can be written to arbitrary locations, potentially corrupting system files or escalating privileges. The high attack complexity (AC:H) is characteristic of race-condition-dependent symlink attacks, where timing between symlink placement and file access is critical. It is also worth noting a discrepancy in the provided metadata: the tags include 'Information Disclosure', yet the CVSS vector explicitly records C:N (no confidentiality impact) and the description describes Arbitrary File Write - this inconsistency should be verified against the full vendor advisory DSA-2026-250.
RemediationAI
The primary remediation is to update Dell/Alienware Purchased Apps to version 1.1.32.0 or later, which addresses the link-following vulnerability. The patch is available through the Dell support portal and the vendor advisory DSA-2026-250 at https://www.dell.com/support/kbdoc/en-us/000472463/dsa-2026-250. For environments where immediate patching is not feasible, compensating controls should focus on limiting local account access: restrict interactive logon rights to only necessary users on affected systems, audit and enforce least-privilege principles for user accounts, and monitor file system activity in directories used by the Purchased Apps application for unexpected symbolic link creation (e.g., via Windows audit policies for object access or EDR file system telemetry). Note that these compensating controls raise the effective attack complexity but do not eliminate the vulnerability - patching remains the only confirmed fix. Exact patch version 1.1.32.0 is confirmed by the vendor advisory and EUVD data.
Same weakness CWE-59 – Improper Link Resolution Before File Access
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35788
GHSA-g9cv-3h6q-p67m