Skip to main content

Inventory Collector Client

1 CVEs product

Monthly

CVE-2026-41116 MEDIUM PATCH This Month

Arbitrary file write in Dell Inventory Collector Client versions prior to 13.8.0 allows a low-privileged local attacker to overwrite files outside the intended write path by exploiting improper symbolic or hard link resolution. The vulnerability (CWE-1386) arises when the client resolves a link to an unintended target before performing a file access operation, enabling an attacker to redirect writes to attacker-controlled locations. No public exploit has been identified at time of analysis and CISA KEV confirmation is absent, but the high integrity and availability impact (CVSS I:H/A:H) means successful exploitation could corrupt system files or cause denial of service.

Information Disclosure Dell Inventory Collector Client
NVD
CVSS 3.1
6.3
EPSS
0.0%
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Arbitrary file write in Dell Inventory Collector Client versions prior to 13.8.0 allows a low-privileged local attacker to overwrite files outside the intended write path by exploiting improper symbolic or hard link resolution. The vulnerability (CWE-1386) arises when the client resolves a link to an unintended target before performing a file access operation, enabling an attacker to redirect writes to attacker-controlled locations. No public exploit has been identified at time of analysis and CISA KEV confirmation is absent, but the high integrity and availability impact (CVSS I:H/A:H) means successful exploitation could corrupt system files or cause denial of service.

Information Disclosure Dell Inventory Collector Client
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy