Skip to main content

Dell ThinOS CVE-2026-56087

| EUVDEUVD-2026-44741 MEDIUM
Protection Mechanism Failure (CWE-693)
2026-07-15 dell GHSA-hvgj-r9vm-qfjw
6.1
CVSS 3.1 · Vendor: dell
Share

Severity by source

Vendor (dell) PRIMARY
6.1 MEDIUM
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
vuln.today AI
6.1 MEDIUM

Physical access is the only vector (AV:P); no credentials required (PR:N); high confidentiality and integrity impact from encrypted data exposure and potential modification; no availability impact.

3.1 AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
4.0 AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (dell).

CVSS VectorVendor: dell

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

2
Patch available
Jul 15, 2026 - 21:18 EUVD
Analysis Generated
Jul 15, 2026 - 18:34 vuln.today

DescriptionCVE.org

Dell ThinOS 10, versions prior to 2605_10.2100 contain a Protection Mechanism Failure vulnerability. An attacker with physical access could potentially exploit this vulnerability, leading to unauthorized access to encrypted data.

AnalysisAI

Protection mechanism failure in Dell ThinOS 10 (versions prior to 2605_10.2100) allows an unauthenticated attacker with physical device access to bypass encryption controls and gain unauthorized read and write access to data stored on the thin client. The flaw, classified as CWE-693, indicates the encryption or authentication protection subsystem can be circumvented without any credentials, consistent with the Authentication Bypass tag and CVSS PR:N rating. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain physical access to thin client
Exploit
Trigger protection mechanism bypass
Impact
Access or modify encrypted device data

Vulnerability AssessmentAI

Exploitation Physical possession of a Dell ThinOS 10 device running a version prior to 2605_10.2100 is the sole required condition, as confirmed by the CVSS AV:P vector. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS base score of 6.1 (Medium) is driven primarily by the Physical attack vector (AV:P), which meaningfully constrains the exploitable population to scenarios involving physical device access - theft, unattended endpoints, supply chain interception, or insider physical access. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker physically obtains a Dell ThinOS 10 device - through theft, unattended access at a healthcare kiosk, or interception during shipping - and exploits the protection mechanism failure to bypass disk encryption or data access controls without any credentials. The low complexity (AC:L) and no required privileges (PR:N) suggest the bypass is achievable through a straightforward procedure (e.g., boot manipulation or direct hardware interface), yielding access to all protected data on the device. …
Remediation Upgrade Dell ThinOS 10 to version 2605_10.2100 or later as documented in Dell Security Advisory DSA-2026-300 (https://www.dell.com/support/kbdoc/en-us/000489640/dsa-2026-300-security-update-for-dell-thinos-10-for-multiple-vulnerabilities). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-56087 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy