Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description confirms local access by a low-privileged attacker (AV:L, PR:L), no user interaction, and command execution yielding full C/I/A impact.
Primary rating from Vendor (dell).
CVSS VectorVendor: dell
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
AnalysisAI
OS command injection in Dell Display and Peripheral Manager (DDPM) for macOS, all versions prior to 2.3, allows a low-privileged local user to inject and execute arbitrary operating-system commands through improperly neutralized special elements (CWE-78). Because the affected component is a privileged peripheral-management utility, successful injection can yield command execution with full impact to confidentiality, integrity, and availability. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that Dell Display and Peripheral Manager (version below 2.3) be installed on the target macOS host, and that the attacker already possess local access with a low-privileged account (CVSS PR:L, AV:L) - there is no network-facing component and no user interaction is needed (UI:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score is 7.8 (High) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - local attack vector, low complexity, low privileges required, no user interaction, and high impact across all three security properties. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A low-privileged user (or malware running in that user's context) on a Mac with DDPM installed supplies crafted input containing shell metacharacters to a DDPM function that builds an OS command, causing the application - potentially via a privileged helper - to execute attacker-chosen commands. This gives the attacker code execution and a path to escalate privileges or persist on the host. … |
| Remediation | Vendor-released patch: version 2.3 - upgrade Dell Display and Peripheral Manager for macOS to 2.3 or later, per Dell advisory DSA-2026-267 (https://www.dell.com/support/kbdoc/en-hk/000475656/dsa-2026-267). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all systems running DDPM for macOS and identify versions in use. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Local privilege escalation to code execution affects Dell Display and Peripheral Manager (DDPM) for Windows in all versi
Protection mechanism bypass in Dell Display and Peripheral Manager for Mac (versions prior to 2.3) stems from improper c
Dell Display and Peripheral Manager for macOS prior to 1.3 contains an improper access control vulnerability. Rated high
Local privilege escalation in Dell Display and Peripheral Manager (DDPM) for Mac, versions prior to 2.3, lets a low-priv
Dell Display and Peripheral Manager, versions prior to 2.1.2.12, contains an Execution with Unnecessary Privileges vulne
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39410
GHSA-7hqh-37x3-vv4j