Severity by source
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Physical access is the only vector (AV:P); no credentials required (PR:N); high confidentiality and integrity impact from encrypted data exposure and potential modification; no availability impact.
Primary rating from Vendor (dell).
CVSS VectorVendor: dell
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
2DescriptionCVE.org
Dell ThinOS 10, versions prior to 2605_10.2100 contain a Protection Mechanism Failure vulnerability. An attacker with physical access could potentially exploit this vulnerability, leading to unauthorized access to encrypted data.
AnalysisAI
Protection mechanism failure in Dell ThinOS 10 (versions prior to 2605_10.2100) allows an unauthenticated attacker with physical device access to bypass encryption controls and gain unauthorized read and write access to data stored on the thin client. The flaw, classified as CWE-693, indicates the encryption or authentication protection subsystem can be circumvented without any credentials, consistent with the Authentication Bypass tag and CVSS PR:N rating. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Physical possession of a Dell ThinOS 10 device running a version prior to 2605_10.2100 is the sole required condition, as confirmed by the CVSS AV:P vector. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS base score of 6.1 (Medium) is driven primarily by the Physical attack vector (AV:P), which meaningfully constrains the exploitable population to scenarios involving physical device access - theft, unattended endpoints, supply chain interception, or insider physical access. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker physically obtains a Dell ThinOS 10 device - through theft, unattended access at a healthcare kiosk, or interception during shipping - and exploits the protection mechanism failure to bypass disk encryption or data access controls without any credentials. The low complexity (AC:L) and no required privileges (PR:N) suggest the bypass is achievable through a straightforward procedure (e.g., boot manipulation or direct hardware interface), yielding access to all protected data on the device. … |
| Remediation | Upgrade Dell ThinOS 10 to version 2605_10.2100 or later as documented in Dell Security Advisory DSA-2026-300 (https://www.dell.com/support/kbdoc/en-us/000489640/dsa-2026-300-security-update-for-dell-thinos-10-for-multiple-vulnerabilities). … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-693 – Protection Mechanism Failure
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44741
GHSA-hvgj-r9vm-qfjw