Description
Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious executable, leading to arbitrary code execution.
Published: 2026-06-16
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dell Peripheral Manager versions 1.5.1 through 1.7.2 contain an uncontrolled search path element vulnerability (CWE-427). The flaw allows an attacker to preload a malicious executable into the search path, which then runs under the user’s privileges, enabling arbitrary code execution on the host. The vulnerability does not require authentication and derives its impact from improper validation of the executable search path.

Affected Systems

Dell computers that ship with Dell Peripheral Manager versions 1.5.1 to 1.7.2 are affected; no specific hardware families are identified in the advisory.

Risk and Exploitability

The CVSS score of 6.7 marks the issue as moderate severity, while the EPSS score of less than 1% indicates a low likelihood of exploitation. The vulnerability is not listed in CISA KEV. Attackers would typically exploit the flaw by preloading a malicious executable either during local use or by leveraging removable media. Once the executable is placed in the search path, it can be executed without user interaction, giving the attacker full control over the system. Although current exploitation rates are low, the high impact of remote code execution warrants prompt remediation.

Generated by OpenCVE AI on June 17, 2026 at 21:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell Peripheral Manager update to a fixed version that removes the uncontrolled search path element vulnerability.
  • If no update is immediately available, disable or uninstall the peripheral manager component to prevent execution of arbitrary binaries.
  • Restrict write access to directories used by the peripheral manager and monitor for unexpected executables placed in PATH-like locations.

Generated by OpenCVE AI on June 17, 2026 at 21:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Uncontrolled Search Path Element in Dell Peripheral Manager Enables Arbitrary Code Execution

Tue, 16 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell peripheral Manager
Vendors & Products Dell
Dell peripheral Manager

Tue, 16 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious executable, leading to arbitrary code execution.
Weaknesses CWE-427
References
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H'}


Subscriptions

Dell Peripheral Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-06-17T03:55:58.900Z

Reserved: 2024-01-10T15:26:10.251Z

Link: CVE-2024-22451

cve-icon Vulnrichment

Updated: 2026-06-16T18:01:55.348Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T17:16:27.697

Modified: 2026-06-16T17:34:39.967

Link: CVE-2024-22451

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T21:45:02Z

Weaknesses
  • CWE-427

    Uncontrolled Search Path Element