Thinos 10
Monthly
Unauthorized access in Dell ThinOS 10 (versions prior to 2605_10.2100) stems from an obsolete UI feature (CWE-448) that a low-privileged local attacker can abuse to bypass authentication controls. With valid low-level local access to the thin-client, an attacker can leverage the leftover interface path to reach functionality or data they should not have, yielding high confidentiality, integrity, and availability impact per the CVSS 7.8 (High) rating. No public exploit identified at time of analysis; the flaw was reported by Dell and disclosed in advisory DSA-2026-300.
Protection mechanism failure in Dell ThinOS 10 (versions prior to 2605_10.2100) allows an unauthenticated attacker with physical device access to bypass encryption controls and gain unauthorized read and write access to data stored on the thin client. The flaw, classified as CWE-693, indicates the encryption or authentication protection subsystem can be circumvented without any credentials, consistent with the Authentication Bypass tag and CVSS PR:N rating. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog, though the physical access constraint limits but does not eliminate risk in environments with unattended or theft-prone thin clients.
Unauthorized access in Dell ThinOS 10 (versions prior to 2605_10.2100) stems from an obsolete UI feature (CWE-448) that a low-privileged local attacker can abuse to bypass authentication controls. With valid low-level local access to the thin-client, an attacker can leverage the leftover interface path to reach functionality or data they should not have, yielding high confidentiality, integrity, and availability impact per the CVSS 7.8 (High) rating. No public exploit identified at time of analysis; the flaw was reported by Dell and disclosed in advisory DSA-2026-300.
Protection mechanism failure in Dell ThinOS 10 (versions prior to 2605_10.2100) allows an unauthenticated attacker with physical device access to bypass encryption controls and gain unauthorized read and write access to data stored on the thin client. The flaw, classified as CWE-693, indicates the encryption or authentication protection subsystem can be circumvented without any credentials, consistent with the Authentication Bypass tag and CVSS PR:N rating. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog, though the physical access constraint limits but does not eliminate risk in environments with unattended or theft-prone thin clients.