Common Weakness Enumeration
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Back to CWE stats page
CWE-305
Authentication Bypass by Primary Weakness
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
CVE-2026-2652 (GCVE-0-2026-2652)
Vulnerability from cvelistv5 – Published: 2026-05-15 02:13 – Updated: 2026-05-15 13:22
VLAI
EPSS
VEX
Title
Authentication Bypass in mlflow/mlflow
Summary
A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled (`--app-name basic-auth`) and served via uvicorn (ASGI). The FastAPI permission middleware only enforces authentication on `/gateway/` routes, leaving other routes such as the Job API (`/ajax-api/3.0/jobs/*`) and the OpenTelemetry trace ingestion API (`/v1/traces`) unprotected. This allows unauthenticated remote attackers to submit jobs, read job results, cancel running jobs, and inject arbitrary trace data into experiments. The issue arises from an architectural mismatch between Flask and FastAPI authentication mechanisms, where the `_find_fastapi_validator()` function fails to handle non-`/gateway/` paths, resulting in a complete authentication bypass. This vulnerability is fixed in version 3.10.0.
Severity
8.6 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mlflow | mlflow/mlflow |
Affected:
unspecified , < 3.10.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2652",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T13:22:14.645523Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T13:22:21.060Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://huntr.com/bounties/5aeff5f0-49c7-4180-b5cb-c9a046f16756"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mlflow/mlflow",
"vendor": "mlflow",
"versions": [
{
"lessThan": "3.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled (`--app-name basic-auth`) and served via uvicorn (ASGI). The FastAPI permission middleware only enforces authentication on `/gateway/` routes, leaving other routes such as the Job API (`/ajax-api/3.0/jobs/*`) and the OpenTelemetry trace ingestion API (`/v1/traces`) unprotected. This allows unauthenticated remote attackers to submit jobs, read job results, cancel running jobs, and inject arbitrary trace data into experiments. The issue arises from an architectural mismatch between Flask and FastAPI authentication mechanisms, where the `_find_fastapi_validator()` function fails to handle non-`/gateway/` paths, resulting in a complete authentication bypass. This vulnerability is fixed in version 3.10.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T02:13:19.541Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/5aeff5f0-49c7-4180-b5cb-c9a046f16756"
},
{
"url": "https://github.com/mlflow/mlflow/commit/bb62e773263c14e9ba4d1a82fe72d0de2442c6aa"
}
],
"source": {
"advisory": "5aeff5f0-49c7-4180-b5cb-c9a046f16756",
"discovery": "EXTERNAL"
},
"title": "Authentication Bypass in mlflow/mlflow"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2026-2652",
"datePublished": "2026-05-15T02:13:19.541Z",
"dateReserved": "2026-02-18T02:53:33.607Z",
"dateUpdated": "2026-05-15T13:22:21.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28536 (GCVE-0-2026-28536)
Vulnerability from cvelistv5 – Published: 2026-03-05 07:10 – Updated: 2026-03-05 15:17
VLAI
EPSS
VEX
Summary
Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
Severity
9.6 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28536",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T15:16:54.435170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T15:17:03.135Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
},
{
"status": "affected",
"version": "5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality."
}
],
"value": "Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T07:10:39.237Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28536",
"datePublished": "2026-03-05T07:10:39.237Z",
"dateReserved": "2026-02-28T03:58:12.087Z",
"dateUpdated": "2026-03-05T15:17:03.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3047 (GCVE-0-2026-3047)
Vulnerability from cvelistv5 – Published: 2026-03-05 18:28 – Updated: 2026-06-30 12:08
VLAI
EPSS
VEX
Title
Org.keycloak.broker.saml: keycloak saml broker: authentication bypass due to disabled saml client completing idp-initiated login
Summary
A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:3925 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:3926 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:3947 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:3948 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2026-3047 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2441966 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat build of Keycloak 26.2 |
Unaffected:
26.2.14-1 , < *
(rpm)
cpe:/a:redhat:build_keycloak:26.2::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.2 |
Unaffected:
26.2-16 , < *
(rpm)
cpe:/a:redhat:build_keycloak:26.2::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.2.14 |
cpe:/a:redhat:build_keycloak:26.2::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.4 |
Unaffected:
26.4.10-1 , < *
(rpm)
cpe:/a:redhat:build_keycloak:26.4::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.4 |
Unaffected:
26.4-12 , < *
(rpm)
cpe:/a:redhat:build_keycloak:26.4::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.4.10 |
cpe:/a:redhat:build_keycloak:26.4::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.2 |
cpe:/a:redhat:build_keycloak:26.2::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.4 |
cpe:/a:redhat:build_keycloak:26.4::el9 |
Date Public
2026-03-05 11:24
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3047",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T18:13:06.967396Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T18:13:14.612Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat build of Keycloak 26.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:build_keycloak:26.4::el9"
],
"defaultStatus": "affected",
"product": "Red Hat build of Keycloak 26.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat build of Keycloak 26.2.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:build_keycloak:26.4::el9"
],
"defaultStatus": "affected",
"product": "Red Hat build of Keycloak 26.4.10",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-05T11:24:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:08:19.870Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-3047"
},
{
"name": "RHBZ#2441966",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441966"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3047.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3925"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3948"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3926"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3947"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:3925: Red Hat build of Keycloak 26.2"
},
{
"lang": "en",
"value": "RHSA-2026:3948: Red Hat build of Keycloak 26.4"
},
{
"lang": "en",
"value": "RHSA-2026:3926: Red Hat build of Keycloak 26.2.14"
},
{
"lang": "en",
"value": "RHSA-2026:3947: Red Hat build of Keycloak 26.4.10"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-23T17:29:50.192Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-05T11:24:00.000Z",
"value": "Made public."
}
],
"title": "org.keycloak.broker.saml: Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, ensure that any SAML client intended to be disabled is not configured as an IdP-initiated broker landing target within Keycloak. Review your Keycloak realm configurations to identify and remove any such associations for disabled clients."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-operator-bundle",
"product": "Red Hat build of Keycloak 26.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.2.14-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9",
"product": "Red Hat build of Keycloak 26.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.2-16",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9-operator",
"product": "Red Hat build of Keycloak 26.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.2-16",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "unaffected",
"packageName": "rhbk/keycloak-rhel9",
"product": "Red Hat build of Keycloak 26.2.14",
"vendor": "Red Hat"
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.4::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-operator-bundle",
"product": "Red Hat build of Keycloak 26.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.4.10-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.4::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9",
"product": "Red Hat build of Keycloak 26.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.4-12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.4::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9-operator",
"product": "Red Hat build of Keycloak 26.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.4-12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.4::el9"
],
"defaultStatus": "unaffected",
"packageName": "rhbk/keycloak-rhel9",
"product": "Red Hat build of Keycloak 26.4.10",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-05T11:24:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T02:36:29.782Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:3925",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3925"
},
{
"name": "RHSA-2026:3926",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3926"
},
{
"name": "RHSA-2026:3947",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3947"
},
{
"name": "RHSA-2026:3948",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3948"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-3047"
},
{
"name": "RHBZ#2441966",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441966"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-23T17:29:50.192Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-05T11:24:00.000Z",
"value": "Made public."
}
],
"title": "Org.keycloak.broker.saml: keycloak saml broker: authentication bypass due to disabled saml client completing idp-initiated login",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, ensure that any SAML client intended to be disabled is not configured as an IdP-initiated broker landing target within Keycloak. Review your Keycloak realm configurations to identify and remove any such associations for disabled clients."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-305: Authentication Bypass by Primary Weakness"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-3047",
"datePublished": "2026-03-05T18:28:36.337Z",
"dateReserved": "2026-02-23T17:30:53.926Z",
"dateUpdated": "2026-06-30T12:08:19.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-30849 (GCVE-0-2026-30849)
Vulnerability from cvelistv5 – Published: 2026-03-23 19:10 – Updated: 2026-03-24 18:30
VLAI
EPSS
VEX
Title
MantisBT SOAP API has an authentication bypass vulnerability on MySQL
Summary
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions prior to 2.28.1 running on MySQL family databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of an improper type checking on the password parameter. Other database backends are not affected, as they do not perform implicit type conversion from string to integer. Using a crafted SOAP envelope, an attacker knowing the victim's username is able to login to the SOAP API with their account without knowledge of the actual password, and execute any API function they have access to. Version 2.28.1 contains a patch. Disabling the SOAP API significantly reduces the risk, but still allows the attacker to retrieve user account information including email address and real name.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/mantisbt/mantisbt/security/adv… | x_refsource_CONFIRM |
| https://github.com/mantisbt/mantisbt/commit/b349e… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-30849",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-24T18:29:55.283729Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T18:30:05.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mantisbt",
"vendor": "mantisbt",
"versions": [
{
"status": "affected",
"version": "\u003c 2.28.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions prior to 2.28.1 running on MySQL family databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of an improper type checking on the password parameter. Other database backends are not affected, as they do not perform implicit type conversion from string to integer. Using a crafted SOAP envelope, an attacker knowing the victim\u0027s username is able to login to the SOAP API with their account without knowledge of the actual password, and execute any API function they have access to. Version 2.28.1 contains a patch. Disabling the SOAP API significantly reduces the risk, but still allows the attacker to retrieve user account information including email address and real name."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T19:10:34.345Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-phrq-pc6r-f6gh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-phrq-pc6r-f6gh"
},
{
"name": "https://github.com/mantisbt/mantisbt/commit/b349e5c890eeda9bd82e7c7e14479853f8a30d9f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mantisbt/mantisbt/commit/b349e5c890eeda9bd82e7c7e14479853f8a30d9f"
}
],
"source": {
"advisory": "GHSA-phrq-pc6r-f6gh",
"discovery": "UNKNOWN"
},
"title": "MantisBT SOAP API has an authentication bypass vulnerability on MySQL"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-30849",
"datePublished": "2026-03-23T19:10:34.345Z",
"dateReserved": "2026-03-05T21:27:35.341Z",
"dateUpdated": "2026-03-24T18:30:05.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32730 (GCVE-0-2026-32730)
Vulnerability from cvelistv5 – Published: 2026-03-18 22:00 – Updated: 2026-03-19 16:12
VLAI
EPSS
VEX
Title
ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware
Summary
ApostropheCMS is an open-source content management framework. Prior to version 4.28.0, the bearer token authentication middleware in `@apostrophecms/express/index.js` (lines 386-389) contains an incorrect MongoDB query that allows incomplete login tokens — where the password was verified but TOTP/MFA requirements were NOT — to be used as fully authenticated bearer tokens. This completely bypasses multi-factor authentication for any ApostropheCMS deployment using `@apostrophecms/login-totp` or any custom `afterPasswordVerified` login requirement. Version 4.28.0 fixes the issue.
Severity
8.1 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/apostrophecms/apostrophe/secur… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| apostrophecms | apostrophe |
Affected:
< 4.28.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32730",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-19T16:12:00.481300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-19T16:12:15.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "apostrophe",
"vendor": "apostrophecms",
"versions": [
{
"status": "affected",
"version": "\u003c 4.28.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ApostropheCMS is an open-source content management framework. Prior to version 4.28.0, the bearer token authentication middleware in `@apostrophecms/express/index.js` (lines 386-389) contains an incorrect MongoDB query that allows incomplete login tokens \u2014 where the password was verified but TOTP/MFA requirements were NOT \u2014 to be used as fully authenticated bearer tokens. This completely bypasses multi-factor authentication for any ApostropheCMS deployment using `@apostrophecms/login-totp` or any custom `afterPasswordVerified` login requirement. Version 4.28.0 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T22:00:14.612Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-v9xm-ffx2-7h35",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-v9xm-ffx2-7h35"
}
],
"source": {
"advisory": "GHSA-v9xm-ffx2-7h35",
"discovery": "UNKNOWN"
},
"title": "ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-32730",
"datePublished": "2026-03-18T22:00:14.612Z",
"dateReserved": "2026-03-13T15:02:00.626Z",
"dateUpdated": "2026-03-19T16:12:15.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33472 (GCVE-0-2026-33472)
Vulnerability from cvelistv5 – Published: 2026-04-16 21:12 – Updated: 2026-04-20 15:00
VLAI
EPSS
VEX
Title
Cryptomator Hub OAuth token exchange HTTP downgrade via getAuthority() scheme confusion (CVE-2026-32303 bypass)
Summary
Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority() that allows an attacker to bypass the security fix for CVE-2026-32303. The method hardcodes the URI scheme based on port number, causing HTTPS URLs with port 80 to produce the same authority string as HTTP URLs, which defeats both the consistency check and the HTTP block validation. An attacker with write access to a cloud-synced vault.cryptomator file can craft a Hub configuration where apiBaseUrl and authEndpoint use HTTPS with port 80 to pass auto-trust validation, while tokenEndpoint uses plaintext HTTP. The vault is auto-trusted without user prompt, and a network-positioned attacker can intercept the OAuth token exchange to access the Cryptomator Hub API as the victim. This issue has been fixed in version 1.19.2.
Severity
4.8 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/cryptomator/cryptomator/securi… | x_refsource_CONFIRM |
| https://github.com/cryptomator/cryptomator/pull/4179 | x_refsource_MISC |
| https://github.com/cryptomator/cryptomator/releas… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| cryptomator | cryptomator |
Affected:
>= 1.19.1, < 1.19.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33472",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T14:50:12.860065Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T15:00:33.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-9q8x-whrw-x44p"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cryptomator",
"vendor": "cryptomator",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.19.1, \u003c 1.19.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority() that allows an attacker to bypass the security fix for CVE-2026-32303. The method hardcodes the URI scheme based on port number, causing HTTPS URLs with port 80 to produce the same authority string as HTTP URLs, which defeats both the consistency check and the HTTP block validation. An attacker with write access to a cloud-synced vault.cryptomator file can craft a Hub configuration where apiBaseUrl and authEndpoint use HTTPS with port 80 to pass auto-trust validation, while tokenEndpoint uses plaintext HTTP. The vault is auto-trusted without user prompt, and a network-positioned attacker can intercept the OAuth token exchange to access the Cryptomator Hub API as the victim. This issue has been fixed in version 1.19.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T21:12:37.076Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-9q8x-whrw-x44p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-9q8x-whrw-x44p"
},
{
"name": "https://github.com/cryptomator/cryptomator/pull/4179",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cryptomator/cryptomator/pull/4179"
},
{
"name": "https://github.com/cryptomator/cryptomator/releases/tag/1.19.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cryptomator/cryptomator/releases/tag/1.19.2"
}
],
"source": {
"advisory": "GHSA-9q8x-whrw-x44p",
"discovery": "UNKNOWN"
},
"title": "Cryptomator Hub OAuth token exchange HTTP downgrade via getAuthority() scheme confusion (CVE-2026-32303 bypass)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33472",
"datePublished": "2026-04-16T21:12:37.076Z",
"dateReserved": "2026-03-20T16:16:48.969Z",
"dateUpdated": "2026-04-20T15:00:33.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33496 (GCVE-0-2026-33496)
Vulnerability from cvelistv5 – Published: 2026-03-26 17:29 – Updated: 2026-03-30 11:20
VLAI
EPSS
VEX
Title
Ory Oathkeeper has an authentication bypass by cache key confusion
Summary
ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion. The `oauth2_introspection` authenticator cache does not distinguish tokens that were validated with different introspection URLs. An attacker can therefore legitimately use a token to prime the cache, and subsequently use the same token for rules that use a different introspection server. Ory Oathkeeper has to be configured with multiple `oauth2_introspection` authenticator servers, each accepting different tokens. The authenticators also must be configured to use caching. An attacker has to have a way to gain a valid token for one of the configured introspection servers. Starting in version 26.2.0, Ory Oathkeeper includes the introspection server URL in the cache key, preventing confusion of tokens. Update to the patched version of Ory Oathkeeper. If that is not immediately possible, disable caching for `oauth2_introspection` authenticators.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/ory/oathkeeper/security/adviso… | x_refsource_CONFIRM |
| https://github.com/ory/oathkeeper/commit/198a2bc8… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ory | oathkeeper |
Affected:
< 26.2.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33496",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-30T11:19:21.527197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T11:20:55.765Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "oathkeeper",
"vendor": "ory",
"versions": [
{
"status": "affected",
"version": "\u003c 26.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ORY Oathkeeper is an Identity \u0026 Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion. The `oauth2_introspection` authenticator cache does not distinguish tokens that were validated with different introspection URLs. An attacker can therefore legitimately use a token to prime the cache, and subsequently use the same token for rules that use a different introspection server. Ory Oathkeeper has to be configured with multiple `oauth2_introspection` authenticator servers, each accepting different tokens. The authenticators also must be configured to use caching. An attacker has to have a way to gain a valid token for one of the configured introspection servers. Starting in version 26.2.0, Ory Oathkeeper includes the introspection server URL in the cache key, preventing confusion of tokens. Update to the patched version of Ory Oathkeeper. If that is not immediately possible, disable caching for `oauth2_introspection` authenticators."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1289",
"description": "CWE-1289: Improper Validation of Unsafe Equivalence in Input",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T17:29:41.564Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ory/oathkeeper/security/advisories/GHSA-4mq7-pvjg-xp2r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ory/oathkeeper/security/advisories/GHSA-4mq7-pvjg-xp2r"
},
{
"name": "https://github.com/ory/oathkeeper/commit/198a2bc82a99e0a77bd0ffe290cbdd5285a1b17c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ory/oathkeeper/commit/198a2bc82a99e0a77bd0ffe290cbdd5285a1b17c"
}
],
"source": {
"advisory": "GHSA-4mq7-pvjg-xp2r",
"discovery": "UNKNOWN"
},
"title": "Ory Oathkeeper has an authentication bypass by cache key confusion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33496",
"datePublished": "2026-03-26T17:29:41.564Z",
"dateReserved": "2026-03-20T16:59:08.887Z",
"dateUpdated": "2026-03-30T11:20:55.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33892 (GCVE-0-2026-33892)
Vulnerability from cvelistv5 – Published: 2026-04-14 08:40 – Updated: 2026-04-14 13:46
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial Edge Management Pro V2 (All versions >= V2.0.0 < V2.1.1), Industrial Edge Management Virtual (All versions >= V2.2.0 < V2.8.0). Affected management systems do not properly enforce user authentication on remote connections to devices.
This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user.
Successful exploitation requires that the attacker has identified the header and port used for remote connections to devices and that the remote connection feature is enabled for the device.
Exploitation allows the attacker to tunnel to the device. Security features on this device itself (e.g. app specific authentication) are not affected.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | Industrial Edge Management Pro V1 |
Affected:
V1.7.6 , < V1.15.17
(custom)
|
|
| Siemens | Industrial Edge Management Pro V2 |
Affected:
V2.0.0 , < V2.1.1
(custom)
|
|
| Siemens | Industrial Edge Management Virtual |
Affected:
V2.2.0 , < V2.8.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33892",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T13:46:06.348573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T13:46:34.636Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Industrial Edge Management Pro V1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.15.17",
"status": "affected",
"version": "V1.7.6",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Industrial Edge Management Pro V2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.1.1",
"status": "affected",
"version": "V2.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Industrial Edge Management Virtual",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.8.0",
"status": "affected",
"version": "V2.2.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions \u003e= V1.7.6 \u003c V1.15.17), Industrial Edge Management Pro V2 (All versions \u003e= V2.0.0 \u003c V2.1.1), Industrial Edge Management Virtual (All versions \u003e= V2.2.0 \u003c V2.8.0). Affected management systems do not properly enforce user authentication on remote connections to devices.\r\nThis could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user.\r\nSuccessful exploitation requires that the attacker has identified the header and port used for remote connections to devices and that the remote connection feature is enabled for the device.\r\n\r\nExploitation allows the attacker to tunnel to the device. Security features on this device itself (e.g. app specific authentication) are not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T08:40:46.807Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-609469.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-33892",
"datePublished": "2026-04-14T08:40:46.807Z",
"dateReserved": "2026-03-24T15:32:19.390Z",
"dateUpdated": "2026-04-14T13:46:34.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-35159 (GCVE-0-2026-35159)
Vulnerability from cvelistv5 – Published: 2026-07-03 08:08 – Updated: 2026-07-07 02:13
VLAI
EPSS
VEX
Summary
Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00045219… | vendor-advisory |
Impacted products
230 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | Inspiron 15 3520 |
Affected:
0 , < 1.41.0 or later
(semver)
|
|
| Dell | G15 5530 |
Affected:
0 , < 1.33.0 or later
(semver)
|
|
| Dell | Alienware 16 Area-51 AA16250 |
Affected:
0 , < 2.4.1 or later
(semver)
|
|
| Dell | Alienware 16 Aurora AC16250 |
Affected:
0 , < 1.13.0 or later
(semver)
|
|
| Dell | Alienware 16X Aurora AC16251 |
Affected:
0 , < 2.4.0 or later
(semver)
|
|
| Dell | Alienware 18 Area-51 AA18250 |
Affected:
0 , < 2.4.1 or later
(semver)
|
|
| Dell | Alienware Area-51 AAT2250 |
Affected:
0 , < 1.17.2 or later
(semver)
|
|
| Dell | Alienware Aurora ACT1250 |
Affected:
0 , < 1.16.2 or later
(semver)
|
|
| Dell | Alienware m15 R6 |
Affected:
0 , < 1.44.0 or later
(semver)
|
|
| Dell | Alienware m15 R7 |
Affected:
0 , < 1.40.0 or later
(semver)
|
|
| Dell | Alienware m16 R1 |
Affected:
0 , < 1.34.0 or later
(semver)
|
|
| Dell | Alienware m16 R2 |
Affected:
0 , < 1.21.0 or later
(semver)
|
|
| Dell | Alienware m18 R1 |
Affected:
0 , < 1.34.0 or later
(semver)
|
|
| Dell | Alienware M18 R2 |
Affected:
0 , < 1.22.0 or later
(semver)
|
|
| Dell | Alienware x14 R2 |
Affected:
0 , < 1.32.0 or later
(semver)
|
|
| Dell | Alienware x16 R1 |
Affected:
0 , < 1.32.0 or later
(semver)
|
|
| Dell | Alienware X16 R2 |
Affected:
0 , < 1.22.0 or later
(semver)
|
|
| Dell | ChengMing 3900 |
Affected:
0 , < 1.40.0 or later
(semver)
|
|
| Dell | ChengMing 3910/3911 |
Affected:
0 , < 1.36.0 or later
(semver)
|
|
| Dell | Dell 14 DC14250 |
Affected:
0 , < 1.7.0 or later
(semver)
|
|
| Dell | 14 Plus 2-in-1 DB04250 |
Affected:
0 , < 1.13.0 or later
(semver)
|
|
| Dell | 14 Plus DB14250 |
Affected:
0 , < 1.13.0 or later
(semver)
|
|
| Dell | 15 DC15250 |
Affected:
0 , < 1.10.0 or later
(semver)
|
|
| Dell | 16 Plus 2-in-1 DB06250 |
Affected:
0 , < 1.13.0 or later
(semver)
|
|
| Dell | 16 Plus DB16250 |
Affected:
0 , < 1.13.0 or later
(semver)
|
|
| Dell | 24 All-in-One EC24250 |
Affected:
0 , < 1.15.0 or later
(semver)
|
|
| Dell | 27 All-in-One EC27250 |
Affected:
0 , < 1.15.0 or later
(semver)
|
|
| Dell | G15 5510 |
Affected:
0 , < 1.40.0 or later
(semver)
|
|
| Dell | G15 5511 |
Affected:
0 , < 1.43.0 or later
(semver)
|
|
| Dell | G15 5520 |
Affected:
0 , < 1.41.0 or later
(semver)
|
|
| Dell | G16 7620 |
Affected:
0 , < 1.41.0 or later
(semver)
|
|
| Dell | G16 7630 |
Affected:
0 , < 1.33.0 or later
(semver)
|
|
| Dell | Pro 13 Plus PB13250 |
Affected:
0 , < 2.13.4 or later
(semver)
|
|
| Dell | Pro 13 Plus PB13255 |
Affected:
0 , < 1.15.0 or later
(semver)
|
|
| Dell | Pro 13 Premium PA13250 |
Affected:
0 , < 2.13.4 or later
(semver)
|
|
| Dell | Pro 14 Essential PV14250 |
Affected:
0 , < 1.6.0 or later
(semver)
|
|
| Dell | Pro 14 PC14250 |
Affected:
0 , < 1.15.2 or later
(semver)
|
|
| Dell | Pro 14 Plus PB14250 |
Affected:
0 , < 2.13.4 or later
(semver)
|
|
| Dell | Pro 14 Plus PB14255 |
Affected:
0 , < 1.15.0 or later
(semver)
|
|
| Dell | Pro 14 Premium PA14250 |
Affected:
0 , < 2.13.4 or later
(semver)
|
|
| Dell | Pro 16 PC16250 |
Affected:
0 , < 1.15.2 or later
(semver)
|
|
| Dell | Pro 16 Plus PB16250 |
Affected:
0 , < 2.13.4 or later
(semver)
|
|
| Dell | Pro 16 Plus PB16255 |
Affected:
0 , < 1.15.0 or later
(semver)
|
|
| Dell | Pro 24 All-In-One Plus QB24250 / Pro 24 All-In-One QC24250 / Pro 24 All-In-One QC24251 |
Affected:
0 , < 1.15.1 or later
(semver)
|
|
| Dell | Pro Laptop PC14250 |
Affected:
0 , < 1.15.2 or later
(semver)
|
|
| Dell | Pro Laptop PC16250 |
Affected:
0 , < 1.15.2 or later
(semver)
|
|
| Dell | Pro Max 14 MC14250 |
Affected:
0 , < 1.14.1 or later
(semver)
|
|
| Dell | Pro Max 14 MC14255 |
Affected:
0 , < 2.4.0 or later
(semver)
|
|
| Dell | Pro Max 16 MC16250 |
Affected:
0 , < 1.14.1 or later
(semver)
|
|
| Dell | Pro Max 16 MC16255 |
Affected:
0 , < 2.4.0 or later
(semver)
|
|
| Dell | Pro Max Micro FCM2250 |
Affected:
0 , < 1.15.2 or later
(semver)
|
|
| Dell | Pro Max Slim FCS1250 |
Affected:
0 , < 1.15.2 or later
(semver)
|
|
| Dell | Pro Max Tower T2 FCT2250 |
Affected:
0 , < 1.15.2 or later
(semver)
|
|
| Dell | Pro Micro / QCM1255 |
Affected:
0 , < 1.13.0 or later
(semver)
|
|
| Dell | Pro Micro Plus QBM1250 / Pro Micro QCM1250 |
Affected:
0 , < 1.15.1 or later
(semver)
|
|
| Dell | Pro Micro/Micro Plus QCM1250/QBM1250 |
Affected:
0 , < 1.15.1 or later
(semver)
|
|
| Dell | Pro Precision 7 T1 |
Affected:
0 , < 1.15.1 or later
(semver)
|
|
| Dell | Pro Rugged 10 Tablets |
Affected:
0 , < 1.9.0 or later
(semver)
|
|
| Dell | Pro Rugged 12 Tablet |
Affected:
0 , < 1.9.0 or later
(semver)
|
|
| Dell | Pro Rugged 13 RA13250 |
Affected:
0 , < 1.16.1 or later
(semver)
|
|
| Dell | Pro Rugged 14 RB14250 |
Affected:
0 , < 1.16.1 or later
(semver)
|
|
| Dell | Pro Slim / QCS1255 |
Affected:
0 , < 1.13.0 or later
(semver)
|
|
| Dell | Pro Slim Essential QVS1260 |
Affected:
0 , < 1.15.0 or later
(semver)
|
|
| Dell | Pro Slim Plus QBS1250 / Pro Slim QCS1250 |
Affected:
0 , < 1.15.1 or later
(semver)
|
|
| Dell | Pro Slim Plus QBS1250/Pro Slim QCS1250 |
Affected:
0 , < 1.15.1 or later
(semver)
|
|
| Dell | Pro Tower / QCT1255 |
Affected:
0 , < 1.13.0 or later
(semver)
|
|
| Dell | Pro Tower Essential QVT1260 |
Affected:
0 , < 1.15.0 or later
(semver)
|
|
| Dell | Pro Tower Plus QBT1250 / Pro Tower QCT1250 |
Affected:
0 , < 1.15.1 or later
(semver)
|
|
| Dell | Pro Tower Plus QBT1250/Pro Tower QCT1250 |
Affected:
0 , < 1.15.1 or later
(semver)
|
|
| Dell | Slim ECS1250 |
Affected:
0 , < 1.15.0 or later
(semver)
|
|
| Dell | Tower ECT1250 |
Affected:
0 , < 1.15.0 or later
(semver)
|
|
| Dell | Inspiron 13 5330 |
Affected:
0 , < 1.31.0 or later
(semver)
|
|
| Dell | Inspiron 14 5420 |
Affected:
0 , < 1.36.0 or later
(semver)
|
|
| Dell | Inspiron 14 5430 |
Affected:
0 , < 1.29.0 or later
(semver)
|
|
| Dell | Inspiron 14 5440 |
Affected:
0 , < 1.22.0 or later
(semver)
|
|
| Dell | Inspiron 14 7430 2-in-1 |
Affected:
0 , < 1.29.0 or later
(semver)
|
|
| Dell | Inspiron 14 7440 2-in-1 |
Affected:
0 , < 1.22.0 or later
(semver)
|
|
| Dell | Inspiron 14 Plus 7420 |
Affected:
0 , < 1.37.0 or later
(semver)
|
|
| Dell | Inspiron 14 Plus 7430 |
Affected:
0 , < 1.29.0 or later
(semver)
|
|
| Dell | Inspiron 14 Plus 7440 |
Affected:
0 , < 1.25.0 or later
(semver)
|
|
| Dell | Inspiron 15 3511 |
Affected:
0 , < 1.46.0 or later
(semver)
|
|
| Dell | Inspiron 15 3530 |
Affected:
0 , < 1.32.0 or later
(semver)
|
|
| Dell | Inspiron 16 5620 |
Affected:
0 , < 1.36.0 or later
(semver)
|
|
| Dell | Inspiron 16 5630 |
Affected:
0 , < 1.29.0 or later
(semver)
|
|
| Dell | Inspiron 16 5640 |
Affected:
0 , < 1.21.0 or later
(semver)
|
|
| Dell | Inspiron 16 7630 2-in-1 |
Affected:
0 , < 1.29.0 or later
(semver)
|
|
| Dell | Inspiron 16 7640 2-in-1 |
Affected:
0 , < 1.21.0 or later
(semver)
|
|
| Dell | Inspiron 16 Plus 7620 |
Affected:
0 , < 1.37.0 or later
(semver)
|
|
| Dell | Inspiron 16 Plus 7630 |
Affected:
0 , < 1.29.0 or later
(semver)
|
|
| Dell | Inspiron 16 Plus 7640 |
Affected:
0 , < 1.25.0 or later
(semver)
|
|
| Dell | Inspiron 24 5420 All-in-One |
Affected:
0 , < 1.29.0 or later
(semver)
|
|
| Dell | Inspiron 24 5430 All-in-One |
Affected:
0 , < 1.22.0 or later
(semver)
|
|
| Dell | Inspiron 27 7720 All-in-One |
Affected:
0 , < 1.29.0 or later
(semver)
|
|
| Dell | Inspiron 27 7730 All-in-One |
Affected:
0 , < 1.22.0 or later
(semver)
|
|
| Dell | Inspiron 3020 Desktop |
Affected:
0 , < 1.36.0 or later
(semver)
|
|
| Dell | Inspiron 3020 S |
Affected:
0 , < 1.36.0 or later
(semver)
|
|
| Dell | Inspiron 3030 |
Affected:
0 , < 1.26.0 or later
(semver)
|
|
| Dell | Inspiron 3030S |
Affected:
0 , < 1.26.0 or later
(semver)
|
|
| Dell | Inspiron 5410 All-in-One |
Affected:
0 , < 1.38.0 or later
(semver)
|
|
| Dell | Inspiron 7710 All-in-One |
Affected:
0 , < 1.38.0 or later
(semver)
|
|
| Dell | Latitude 3320 |
Affected:
0 , < 1.44.0 or later
(semver)
|
|
| Dell | Latitude 3340 |
Affected:
0 , < 1.31.0 or later
(semver)
|
|
| Dell | Latitude 5320 |
Affected:
0 , < 1.51.0 or later
(semver)
|
|
| Dell | Latitude 5330 |
Affected:
0 , < 1.36.0 or later
(semver)
|
|
| Dell | Latitude 5340 |
Affected:
0 , < 1.29.0 or later
(semver)
|
|
| Dell | Latitude 5350 |
Affected:
0 , < 1.23.0 or later
(semver)
|
|
| Dell | Latitude 5421 |
Affected:
0 , < 1.46.0 or later
(semver)
|
|
| Dell | Latitude 5430 |
Affected:
0 , < 1.39.1 or later
(semver)
|
|
| Dell | Latitude 5430 Rugged Laptop |
Affected:
0 , < 1.43.0 or later
(semver)
|
|
| Dell | Latitude 5431 |
Affected:
0 , < 1.39.0 or later
(semver)
|
|
| Dell | Latitude 5440 |
Affected:
0 , < 1.31.1 or later
(semver)
|
|
| Dell | Latitude 5450 |
Affected:
0 , < 1.23.1 or later
(semver)
|
|
| Dell | Latitude 5520 |
Affected:
0 , < 1.51.0 or later
(semver)
|
|
| Dell | Latitude 5521 |
Affected:
0 , < 1.43.0 or later
(semver)
|
|
| Dell | Latitude 5530 |
Affected:
0 , < 1.36.0 or later
(semver)
|
|
| Dell | Latitude 5531 |
Affected:
0 , < 1.36.0 or later
(semver)
|
|
| Dell | Latitude 5540 |
Affected:
0 , < 1.29.0 or later
(semver)
|
|
| Dell | Latitude 5550 |
Affected:
0 , < 1.23.0 or later
(semver)
|
|
| Dell | Latitude 7030 Rugged Extreme |
Affected:
0 , < 1.23.0 or later
(semver)
|
|
| Dell | Latitude 7230 Rugged Extreme |
Affected:
0 , < 1.32.0 or later
(semver)
|
|
| Dell | Latitude 7320 |
Affected:
0 , < 1.50.1 or later
(semver)
|
|
| Dell | Latitude 7320 Detachable |
Affected:
0 , < 1.47.0 or later
(semver)
|
|
| Dell | Latitude 7330 |
Affected:
0 , < 1.40.0 or later
(semver)
|
|
| Dell | Latitude 7330 Rugged Laptop |
Affected:
0 , < 1.43.0 or later
(semver)
|
|
| Dell | Latitude 7340 |
Affected:
0 , < 1.30.0 or later
(semver)
|
|
| Dell | Latitude 7350 |
Affected:
0 , < 1.23.0 or later
(semver)
|
|
| Dell | Latitude 7420 |
Affected:
0 , < 1.50.1 or later
(semver)
|
|
| Dell | Latitude 7430 |
Affected:
0 , < 1.40.0 or later
(semver)
|
|
| Dell | Latitude 7440 |
Affected:
0 , < 1.31.1 or later
(semver)
|
|
| Dell | Latitude 7450 |
Affected:
0 , < 1.23.1 or later
(semver)
|
|
| Dell | Latitude 7520 |
Affected:
0 , < 1.50.1 or later
(semver)
|
|
| Dell | Latitude 7530 |
Affected:
0 , < 1.40.0 or later
(semver)
|
|
| Dell | Latitude 7640 |
Affected:
0 , < 1.31.1 or later
(semver)
|
|
| Dell | Latitude 7650 |
Affected:
0 , < 1.23.1 or later
(semver)
|
|
| Dell | Latitude 9330 |
Affected:
0 , < 1.37.0 or later
(semver)
|
|
| Dell | Latitude 9420 |
Affected:
0 , < 1.47.0 or later
(semver)
|
|
| Dell | Latitude 9430 |
Affected:
0 , < 1.40.1 or later
(semver)
|
|
| Dell | Latitude 9440 2-in-1 |
Affected:
0 , < 1.29.0 or later
(semver)
|
|
| Dell | Latitude 9450 |
Affected:
0 , < 1.21.1 or later
(semver)
|
|
| Dell | Latitude 9520 |
Affected:
0 , < 1.47.1 or later
(semver)
|
|
| Dell | OptiPlex 3000 Micro / OptiPlex 3000 Small Form Factor / OptiPlex 3000 Tower |
Affected:
0 , < 1.40.0 or later
(semver)
|
|
| Dell | OptiPlex 3000 Thin Client |
Affected:
0 , < 1.34.0 or later
(semver)
|
|
| Dell | OptiPlex 3090 Ultra |
Affected:
0 , < 1.42.0 or later
(semver)
|
|
| Dell | OptiPlex 5000 Micro / OptiPlex 5000 Small Form Factor / OptiPlex 5000 Tower |
Affected:
0 , < 1.40.0 or later
(semver)
|
|
| Dell | OptiPlex 5090 Micro / OptiPlex 5090 Small Form Factor / OptiPlex 5090 Tower |
Affected:
0 , < 1.42.0 or later
(semver)
|
|
| Dell | OptiPlex 5400 All-In-One |
Affected:
0 , < 1.1.59 or later
(semver)
|
|
| Dell | OptiPlex 5490 AIO |
Affected:
0 , < 1.47.0 or later
(semver)
|
|
| Dell | OptiPlex 7000 Micro / OptiPlex 7000 Small Form Factor / OptiPlex 7000 Tower / OptiPlex 7000 XE Micro |
Affected:
0 , < 1.40.0 or later
(semver)
|
|
| Dell | OptiPlex 7000 OEM MT+ |
Affected:
0 , < 1.40.0 or later
(semver)
|
|
| Dell | OptiPlex 7090 Tower |
Affected:
0 , < 1.42.0 or later
(semver)
|
|
| Dell | OptiPlex 7090 Ultra |
Affected:
0 , < 1.42.0 or later
(semver)
|
|
| Dell | OptiPlex 7400 All-In-One |
Affected:
0 , < 1.1.59 or later
(semver)
|
|
| Dell | OptiPlex 7490 AIO |
Affected:
0 , < 1.47.0 or later
(semver)
|
|
| Dell | OptiPlex AIO 7420 |
Affected:
0 , < 1.26.1 or later
(semver)
|
|
| Dell | OptiPlex All-in-One 7410 |
Affected:
0 , < 1.36.0 or later
(semver)
|
|
| Dell | OptiPlex Micro 7010 / OptiPlex Micro Plus 7010 |
Affected:
0 , < 1.36.0 or later
(semver)
|
|
| Dell | OptiPlex Micro 7020 |
Affected:
0 , < 1.26.1 or later
(semver)
|
|
| Dell | OptiPlex SFF 7020 |
Affected:
0 , < 1.26.1 or later
(semver)
|
|
| Dell | OptiPlex Small Form Factor 7010 / OptiPlex Small Form Factor Plus 7010 |
Affected:
0 , < 1.36.0 or later
(semver)
|
|
| Dell | OptiPlex Tower 7010 / OptiPlex Tower Plus 7010 |
Affected:
0 , < 1.36.0 or later
(semver)
|
|
| Dell | OptiPlex Tower 7020 |
Affected:
0 , < 1.26.1 or later
(semver)
|
|
| Dell | OptiPlex XE4 SFF |
Affected:
0 , < 1.40.0 or later
(semver)
|
|
| Dell | PC14255 |
Affected:
0 , < 1.14.1 or later
(semver)
|
|
| Dell | PC16255 |
Affected:
0 , < 1.14.1 or later
(semver)
|
|
| Dell | Precision 3260 XE Compact / Precision 3260 Compact |
Affected:
0 , < 3.26.0 or later
(semver)
|
|
| Dell | Precision 3280 CFF |
Affected:
0 , < 1.24.1 or later
(semver)
|
|
| Dell | Precision 3450 |
Affected:
0 , < 1.42.0 or later
(semver)
|
|
| Dell | Precision 3460 XE Small Form Factor / Precision 3460 Small Form Factor |
Affected:
0 , < 3.26.0 or later
(semver)
|
|
| Dell | Precision 3470 |
Affected:
0 , < 1.39.0 or later
(semver)
|
|
| Dell | Precision 3480 |
Affected:
0 , < 1.31.1 or later
(semver)
|
|
| Dell | Precision 3490 |
Affected:
0 , < 1.23.1 or later
(semver)
|
|
| Dell | Precision 3560 |
Affected:
0 , < 1.51.0 or later
(semver)
|
|
| Dell | Precision 3561 |
Affected:
0 , < 1.43.0 or later
(semver)
|
|
| Dell | Precision 3570 |
Affected:
0 , < 1.36.0 or later
(semver)
|
|
| Dell | Precision 3571 |
Affected:
0 , < 1.36.0 or later
(semver)
|
|
| Dell | Precision 3580 |
Affected:
0 , < 1.29.0 or later
(semver)
|
|
| Dell | Precision 3581 |
Affected:
0 , < 1.29.0 or later
(semver)
|
|
| Dell | Precision 3590 |
Affected:
0 , < 1.23.0 or later
(semver)
|
|
| Dell | Precision 3591 |
Affected:
0 , < 1.23.0 or later
(semver)
|
|
| Dell | Precision 3650 MT |
Affected:
0 , < 1.47.0 or later
(semver)
|
|
| Dell | Precision 3660 |
Affected:
0 , < 2.37.1 or later
(semver)
|
|
| Dell | Precision 3680 Tower |
Affected:
0 , < 1.26.1 or later
(semver)
|
|
| Dell | Precision 5470 |
Affected:
0 , < 1.39.0 or later
(semver)
|
|
| Dell | Precision 5480 |
Affected:
0 , < 1.27.0 or later
(semver)
|
|
| Dell | Precision 5490 |
Affected:
0 , < 1.21.1 or later
(semver)
|
|
| Dell | Precision 5560 |
Affected:
0 , < 1.46.0 or later
(semver)
|
|
| Dell | Precision 5570 |
Affected:
0 , < 1.41.0 or later
(semver)
|
|
| Dell | Precision 5680 |
Affected:
0 , < 1.29.0 or later
(semver)
|
|
| Dell | Precision 5690 |
Affected:
0 , < 1.23.0 or later
(semver)
|
|
| Dell | Precision 5770 |
Affected:
0 , < 1.40.0 or later
(semver)
|
|
| Dell | Precision 5860 Tower |
Affected:
0 , < 3.8.0 or later
(semver)
|
|
| Dell | Precision 7560 |
Affected:
0 , < 1.47.0 or later
(semver)
|
|
| Dell | Precision 7670 |
Affected:
0 , < 1.38.0 or later
(semver)
|
|
| Dell | Precision 7680 |
Affected:
0 , < 1.29.0 or later
(semver)
|
|
| Dell | Precision 7760 |
Affected:
0 , < 1.47.0 or later
(semver)
|
|
| Dell | Precision 7770 |
Affected:
0 , < 1.38.0 or later
(semver)
|
|
| Dell | Precision 7780 |
Affected:
0 , < 1.29.0 or later
(semver)
|
|
| Dell | Precision 7875 Tower |
Affected:
0 , < 02.10.01 or later
(semver)
|
|
| Dell | Precision 7960 Tower |
Affected:
0 , < 2.20.0 or later
(semver)
|
|
| Dell | Precision Tower 7865 |
Affected:
0 , < 1.26.0 or later
(semver)
|
|
| Dell | Vostro 14 3420 |
Affected:
0 , < 1.41.0 or later
(semver)
|
|
| Dell | Vostro 14 3430 |
Affected:
0 , < 1.32.0 or later
(semver)
|
|
| Dell | Vostro 14 3440 |
Affected:
0 , < 1.22.0 or later
(semver)
|
|
| Dell | Vostro 15 3510 |
Affected:
0 , < 1.46.0 or later
(semver)
|
|
| Dell | Vostro 15 3520 |
Affected:
0 , < 1.41.0 or later
(semver)
|
|
| Dell | Vostro 15 3530 |
Affected:
0 , < 1.32.0 or later
(semver)
|
|
| Dell | Vostro 16 5630 |
Affected:
0 , < 1.29.0 or later
(semver)
|
|
| Dell | Vostro 16 5640 |
Affected:
0 , < 1.21.0 or later
(semver)
|
|
| Dell | Vostro 3020 Small Desktop |
Affected:
0 , < 1.36.0 or later
(semver)
|
|
| Dell | Vostro 3020 Tower Desktop |
Affected:
0 , < 1.36.0 or later
(semver)
|
|
| Dell | Vostro 3030 |
Affected:
0 , < 1.26.0 or later
(semver)
|
|
| Dell | Vostro 3030S |
Affected:
0 , < 1.26.0 or later
(semver)
|
|
| Dell | Vostro 3910 |
Affected:
0 , < 1.40.0 or later
(semver)
|
|
| Dell | Vostro 5620 |
Affected:
0 , < 1.36.0 or later
(semver)
|
|
| Dell | Vostro 5890 |
Affected:
0 , < 1.42.0 or later
(semver)
|
|
| Dell | Vostro 7620 |
Affected:
0 , < 1.37.0 or later
(semver)
|
|
| Dell | XPS 13 9315 |
Affected:
0 , < 1.38.0 or later
(semver)
|
|
| Dell | XPS 13 9340 |
Affected:
0 , < 1.26.0 or later
(semver)
|
|
| Dell | XPS 13 9350 |
Affected:
0 , < 1.21.0 or later
(semver)
|
|
| Dell | XPS 13 Plus 9320 |
Affected:
0 , < 2.30.0 or later
(semver)
|
|
| Dell | XPS 14 (14 Premium) DA14250 |
Affected:
0 , < 1.11.0 or later
(semver)
|
|
| Dell | XPS 14 9440 |
Affected:
0 , < 1.24.0 or later
(semver)
|
|
| Dell | XPS 15 9510 |
Affected:
0 , < 1.46.0 or later
(semver)
|
|
| Dell | XPS 15 9520 |
Affected:
0 , < 1.41.0 or later
(semver)
|
|
| Dell | XPS 15 9530 |
Affected:
0 , < 1.31.0 or later
(semver)
|
|
| Dell | XPS 16 (16 Premium) DA16250 |
Affected:
0 , < 1.13.0 or later
(semver)
|
|
| Dell | XPS 16 9640 |
Affected:
0 , < 1.23.0 or later
(semver)
|
|
| Dell | XPS 17 9720 |
Affected:
0 , < 1.40.0 or later
(semver)
|
|
| Dell | XPS 17 9730 |
Affected:
0 , < 1.27.0 or later
(semver)
|
|
| Dell | XPS 9320 |
Affected:
0 , < 2.30.0 or later
(semver)
|
Date Public
2026-06-30 06:30
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-07T02:13:05.435803Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T02:13:16.372Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Inspiron 15 3520",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.41.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "G15 5530",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.33.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware 16 Area-51 AA16250",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.4.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware 16 Aurora AC16250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.13.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware 16X Aurora AC16251",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.4.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware 18 Area-51 AA18250",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.4.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware Area-51 AAT2250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.17.2 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware Aurora ACT1250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware m15 R6",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.44.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware m15 R7",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.40.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware m16 R1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.34.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware m16 R2",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.21.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware m18 R1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.34.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware M18 R2",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.22.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware x14 R2",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.32.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware x16 R1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.32.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware X16 R2",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.22.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ChengMing 3900",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.40.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ChengMing 3910/3911",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.36.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell 14 DC14250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.7.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "14 Plus 2-in-1 DB04250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.13.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "14 Plus DB14250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.13.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "15 DC15250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "16 Plus 2-in-1 DB06250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.13.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "16 Plus DB16250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.13.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "24 All-in-One EC24250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.15.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "27 All-in-One EC27250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.15.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "G15 5510",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.40.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "G15 5511",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.43.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "G15 5520",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.41.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "G16 7620",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.41.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "G16 7630",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.33.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro 13 Plus PB13250",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.13.4 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro 13 Plus PB13255",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.15.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro 13 Premium PA13250",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.13.4 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro 14 Essential PV14250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.6.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro 14 PC14250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.15.2 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro 14 Plus PB14250",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.13.4 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro 14 Plus PB14255",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.15.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro 14 Premium PA14250",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.13.4 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro 16 PC16250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.15.2 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro 16 Plus PB16250",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.13.4 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro 16 Plus PB16255",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.15.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro 24 All-In-One Plus QB24250 / Pro 24 All-In-One QC24250 / Pro 24 All-In-One QC24251",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.15.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro Laptop PC14250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.15.2 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro Laptop PC16250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.15.2 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro Max 14 MC14250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.14.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro Max 14 MC14255",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.4.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro Max 16 MC16250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.14.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro Max 16 MC16255",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.4.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro Max Micro FCM2250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.15.2 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro Max Slim FCS1250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.15.2 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro Max Tower T2 FCT2250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.15.2 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro Micro / QCM1255",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.13.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro Micro Plus QBM1250 / Pro Micro QCM1250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.15.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro Micro/Micro Plus QCM1250/QBM1250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.15.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro Precision 7 T1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.15.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro Rugged 10 Tablets",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.9.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro Rugged 12 Tablet",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.9.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro Rugged 13 RA13250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro Rugged 14 RB14250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro Slim / QCS1255",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.13.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro Slim Essential QVS1260",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.15.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro Slim Plus QBS1250 / Pro Slim QCS1250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.15.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro Slim Plus QBS1250/Pro Slim QCS1250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.15.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro Tower / QCT1255",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.13.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro Tower Essential QVT1260",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.15.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro Tower Plus QBT1250 / Pro Tower QCT1250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.15.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pro Tower Plus QBT1250/Pro Tower QCT1250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.15.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Slim ECS1250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.15.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tower ECT1250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.15.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 13 5330",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.31.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 14 5420",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.36.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 14 5430",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.29.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 14 5440",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.22.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 14 7430 2-in-1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.29.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 14 7440 2-in-1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.22.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 14 Plus 7420",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.37.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 14 Plus 7430",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.29.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 14 Plus 7440",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.25.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 15 3511",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.46.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 15 3530",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.32.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 16 5620",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.36.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 16 5630",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.29.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 16 5640",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.21.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 16 7630 2-in-1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.29.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 16 7640 2-in-1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.21.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 16 Plus 7620",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.37.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 16 Plus 7630",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.29.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 16 Plus 7640",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.25.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 24 5420 All-in-One",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.29.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 24 5430 All-in-One",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.22.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 27 7720 All-in-One",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.29.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 27 7730 All-in-One",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.22.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 3020 Desktop",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.36.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 3020 S",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.36.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 3030",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.26.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 3030S",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.26.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 5410 All-in-One",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.38.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 7710 All-in-One",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.38.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3320",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.44.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3340",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.31.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 5320",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.51.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 5330",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.36.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 5340",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.29.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 5350",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.23.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 5421",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.46.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 5430",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.39.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 5430 Rugged Laptop",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.43.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 5431",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.39.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 5440",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.31.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 5450",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.23.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 5520",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.51.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 5521",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.43.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 5530",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.36.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 5531",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.36.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 5540",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.29.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 5550",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.23.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 7030 Rugged Extreme",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.23.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 7230 Rugged Extreme",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.32.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 7320",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.50.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 7320 Detachable",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.47.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 7330",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.40.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 7330 Rugged Laptop",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.43.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 7340",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.30.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 7350",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.23.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 7420",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.50.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 7430",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.40.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 7440",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.31.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 7450",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.23.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 7520",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.50.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 7530",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.40.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 7640",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.31.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 7650",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.23.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 9330",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.37.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 9420",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.47.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 9430",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.40.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 9440 2-in-1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.29.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 9450",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.21.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 9520",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.47.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OptiPlex 3000 Micro / OptiPlex 3000 Small Form Factor / OptiPlex 3000 Tower",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.40.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OptiPlex 3000 Thin Client",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.34.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OptiPlex 3090 Ultra",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.42.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OptiPlex 5000 Micro / OptiPlex 5000 Small Form Factor / OptiPlex 5000 Tower",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.40.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OptiPlex 5090 Micro / OptiPlex 5090 Small Form Factor / OptiPlex 5090 Tower",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.42.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OptiPlex 5400 All-In-One",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.1.59 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OptiPlex 5490 AIO",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.47.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OptiPlex 7000 Micro / OptiPlex 7000 Small Form Factor / OptiPlex 7000 Tower / OptiPlex 7000 XE Micro",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.40.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OptiPlex 7000 OEM MT+",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.40.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OptiPlex 7090 Tower",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.42.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OptiPlex 7090 Ultra",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.42.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OptiPlex 7400 All-In-One",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.1.59 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OptiPlex 7490 AIO",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.47.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OptiPlex AIO 7420",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.26.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OptiPlex All-in-One 7410",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.36.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OptiPlex Micro 7010 / OptiPlex Micro Plus 7010",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.36.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OptiPlex Micro 7020",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.26.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OptiPlex SFF 7020",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.26.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OptiPlex Small Form Factor 7010 / OptiPlex Small Form Factor Plus 7010",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.36.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OptiPlex Tower 7010 / OptiPlex Tower Plus 7010",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.36.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OptiPlex Tower 7020",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.26.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OptiPlex XE4 SFF",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.40.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC14255",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.14.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC16255",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.14.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 3260 XE Compact / Precision 3260 Compact",
"vendor": "Dell",
"versions": [
{
"lessThan": "3.26.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 3280 CFF",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.24.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 3450",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.42.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 3460 XE Small Form Factor / Precision 3460 Small Form Factor",
"vendor": "Dell",
"versions": [
{
"lessThan": "3.26.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 3470",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.39.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 3480",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.31.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 3490",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.23.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 3560",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.51.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 3561",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.43.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 3570",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.36.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 3571",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.36.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 3580",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.29.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 3581",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.29.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 3590",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.23.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 3591",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.23.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 3650 MT",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.47.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 3660",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.37.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 3680 Tower",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.26.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 5470",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.39.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 5480",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.27.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 5490",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.21.1 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 5560",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.46.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 5570",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.41.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 5680",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.29.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 5690",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.23.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 5770",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.40.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 5860 Tower",
"vendor": "Dell",
"versions": [
{
"lessThan": "3.8.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 7560",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.47.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 7670",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.38.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 7680",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.29.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 7760",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.47.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 7770",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.38.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 7780",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.29.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 7875 Tower",
"vendor": "Dell",
"versions": [
{
"lessThan": "02.10.01 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision 7960 Tower",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.20.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Precision Tower 7865",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.26.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vostro 14 3420",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.41.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vostro 14 3430",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.32.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vostro 14 3440",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.22.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vostro 15 3510",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.46.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vostro 15 3520",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.41.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vostro 15 3530",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.32.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vostro 16 5630",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.29.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vostro 16 5640",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.21.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vostro 3020 Small Desktop",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.36.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vostro 3020 Tower Desktop",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.36.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vostro 3030",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.26.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vostro 3030S",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.26.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vostro 3910",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.40.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vostro 5620",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.36.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vostro 5890",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.42.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vostro 7620",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.37.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "XPS 13 9315",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.38.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "XPS 13 9340",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.26.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "XPS 13 9350",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.21.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "XPS 13 Plus 9320",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.30.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "XPS 14 (14 Premium) DA14250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.11.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "XPS 14 9440",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.24.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "XPS 15 9510",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.46.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "XPS 15 9520",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.41.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "XPS 15 9530",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.31.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "XPS 16 (16 Premium) DA16250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.13.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "XPS 16 9640",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.23.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "XPS 17 9720",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.40.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "XPS 17 9730",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.27.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "XPS 9320",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.30.0 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "other",
"value": "Dell would like to thank alexVinarskis for reporting this issue."
}
],
"datePublic": "2026-06-30T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure."
}
],
"value": "Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T08:54:57.716Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000452197/dsa-2026-195"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2026-35159",
"datePublished": "2026-07-03T08:08:31.672Z",
"dateReserved": "2026-04-01T17:04:27.475Z",
"dateUpdated": "2026-07-07T02:13:16.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3591 (GCVE-0-2026-3591)
Vulnerability from cvelistv5 – Published: 2026-03-25 13:34 – Updated: 2026-03-25 14:13
VLAI
EPSS
VEX
Title
A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass
Summary
A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure.
This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.
BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://kb.isc.org/docs/cve-2026-3591 | vendor-advisory |
| https://downloads.isc.org/isc/bind9/9.20.21 | patch |
| https://downloads.isc.org/isc/bind9/9.21.20 | patch |
Impacted products
Date Public
2026-03-25 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T14:12:43.295485Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T14:13:01.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.20.20",
"status": "affected",
"version": "9.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.21.19",
"status": "affected",
"version": "9.21.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.20.20-S1",
"status": "affected",
"version": "9.20.9-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.46",
"status": "unaffected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.46-S1",
"status": "unaffected",
"version": "9.18.11-S1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.20.20",
"versionStartIncluding": "9.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.21.19",
"versionStartIncluding": "9.21.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.20.20-S1",
"versionStartIncluding": "9.20.9-S1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.18.46",
"versionStartIncluding": "9.18.0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.18.46-S1",
"versionStartIncluding": "9.18.11-S1",
"vulnerable": false
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Mcsky23 for bringing this vulnerability to our attention."
}
],
"datePublic": "2026-03-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.\nBIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-562",
"description": "CWE-562 Return of Stack Variable Address",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T13:34:14.202Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2026-3591",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2026-3591"
},
{
"tags": [
"patch"
],
"url": "https://downloads.isc.org/isc/bind9/9.20.21"
},
{
"tags": [
"patch"
],
"url": "https://downloads.isc.org/isc/bind9/9.21.20"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.20.21, 9.21.20, or 9.20.21-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass",
"workarounds": [
{
"lang": "en",
"value": "No workarounds known."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2026-3591",
"datePublished": "2026-03-25T13:34:14.202Z",
"dateReserved": "2026-03-05T12:50:58.915Z",
"dateUpdated": "2026-03-25T14:13:01.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.