CVE-2026-23857 | THREATINT

Description

Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

PUBLISHED Reserved 2026-01-16 | Published 2026-02-12 | Updated 2026-02-13 | Assigner dell

HIGH: 8.2CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Problem types

CWE-280: Improper Handling of Insufficient Permissions or Privileges

Product status

Default status

unaffected

25.02.00 (semver)

affected

References

www.dell.com/...l-update-package-dup-framework-vulnerability vendor-advisory

cve.org (CVE-2026-23857)

nvd.nist.gov (CVE-2026-23857)

Download JSON