Skip to main content

Device Management Agent

4 CVEs product

Monthly

CVE-2026-41121 HIGH PATCH This Week

Local privilege escalation in Dell Device Management Agent (DDMA) versions prior to 26.05 allows an already-authenticated, low-privileged user on the host to elevate to full system-level control by abusing insecure symbolic/hard link resolution (CWE-59) during file operations. Dell has released a fix in DDMA 26.05. There is no public exploit identified at time of analysis and EPSS estimates exploitation probability at only 0.12% (3rd percentile), but the SSVC technical impact is rated 'total', reflecting the complete compromise achievable once a foothold exists.

Dell Information Disclosure Device Management Agent
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-26949 MEDIUM This Month

Dell Device Management Agent versions before 26.02 suffer from an authorization bypass that allows local attackers with low privileges to escalate their access on affected systems. The vulnerability stems from improper privilege validation and requires only local access with no user interaction to exploit. No patch is currently available for this issue.

Authentication Bypass Dell Device Management Agent
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-22760 LOW Monitor

Device Management Agent versions up to 26.02 is affected by improper check for unusual or exceptional conditions (CVSS 3.3).

Denial Of Service Device Management Agent
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-22285 MEDIUM This Month

Dell Device Management Agent versions before 26.02 store passwords in plaintext, allowing high-privileged local attackers to gain unauthorized access to sensitive systems. The vulnerability requires administrative-level access and local presence but poses a confidentiality risk to affected deployments. No patch is currently available.

Authentication Bypass Dell Device Management Agent
NVD
CVSS 3.1
4.4
EPSS
0.0%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Dell Device Management Agent (DDMA) versions prior to 26.05 allows an already-authenticated, low-privileged user on the host to elevate to full system-level control by abusing insecure symbolic/hard link resolution (CWE-59) during file operations. Dell has released a fix in DDMA 26.05. There is no public exploit identified at time of analysis and EPSS estimates exploitation probability at only 0.12% (3rd percentile), but the SSVC technical impact is rated 'total', reflecting the complete compromise achievable once a foothold exists.

Dell Information Disclosure Device Management Agent
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell Device Management Agent versions before 26.02 suffer from an authorization bypass that allows local attackers with low privileges to escalate their access on affected systems. The vulnerability stems from improper privilege validation and requires only local access with no user interaction to exploit. No patch is currently available for this issue.

Authentication Bypass Dell Device Management Agent
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Device Management Agent versions up to 26.02 is affected by improper check for unusual or exceptional conditions (CVSS 3.3).

Denial Of Service Device Management Agent
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Dell Device Management Agent versions before 26.02 store passwords in plaintext, allowing high-privileged local attackers to gain unauthorized access to sensitive systems. The vulnerability requires administrative-level access and local presence but poses a confidentiality risk to affected deployments. No patch is currently available.

Authentication Bypass Dell Device Management Agent
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy