HIGHCVE-2026-23856Published 2026-02-12Modified 2026-02-26CNA dell

CVE-2026-23856: Dell iDRAC Service Module (iSM) for Windows, versions prior to 6

Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS v3.1: 7.8
Severity: HIGH
Fixed in: 5.4.1.1
Affected Products: 2

Fix available

5.4.1.16.0.3.1

Affected packages

Dell / iDRAC Service Module
< 5.4.1.1 (from N/A) · < 6.0.3.1 (from N/A)
Dell / iDRAC Service Module for Linux
< 5.4.1.1 (from N/A)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

dell.com

Metrics

Fix available