Description
Dell Repository Manager (DRM), versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution and escalation of privileges.
Published: 2026-02-23
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Local privilege escalation leading to arbitrary code execution
Action: Patch Now
AI Analysis

Impact

Dell Repository Manager (DRM) versions earlier than 3.4.8 contain an uncontrolled search path element flaw. The vulnerability permits a low-privileged local attacker to insert malicious entries into the system's search path, enabling the execution of arbitrary code with elevated privileges. This can lead to full system compromise and unauthorized data access.

Affected Systems

The issue affects Dell Repository Manager deployments running any version prior to 3.4.8. The specific product is Dell Repository Manager available on Dell platforms.

Risk and Exploitability

The CVSS score is 7.3, indicating high severity, while the EPSS score is below 1%, suggesting that the probability of exploitation is currently low. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires a local attacker with limited system permissions; the attack is opportunistic and depends on the ability to alter environment path variables on the host. Once exploited, the attacker can gain the same privileges as the service process, resulting in full control over the host.

Generated by OpenCVE AI on April 18, 2026 at 11:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Dell Repository Manager to version 3.4.8 or newer to eliminate the uncontrolled search path flaw
  • Configure the system to enforce a secure path for all processes and restrict alterations to the path variable by non‑administrative users
  • Validate and monitor environment variable changes to detect and alert on unauthorized modifications


Advisories

No advisories yet.

History

Sat, 18 Apr 2026 11:30:00 +0000

Type: Title
Values Added: Local Privilege Escalation via Uncontrolled Search Path in Dell Repository Manager

Thu, 26 Feb 2026 17:15:00 +0000

Type: Metrics
Values Removed: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 24 Feb 2026 22:00:00 +0000

Type: CPEs
Values Added: cpe:2.3:a:dell:repository_manager:*:*:*:*:*:*:*:*

Tue, 24 Feb 2026 10:00:00 +0000

Type: First Time appeared
Values Added: Dell; Dell repository Manager

Type: Vendors & Products
Values Added: Dell; Dell repository Manager

Mon, 23 Feb 2026 15:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 23 Feb 2026 14:15:00 +0000

Type: Description
Values Added: Dell Repository Manager (DRM), versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution and escalation of privileges.

Type: Weaknesses
Values Added: CWE-427

Type: References

Type: Metrics
Values Added: cvssV3_1 {'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-02-26T14:44:11.103Z

Reserved: 2025-12-24T16:33:47.094Z

Link: CVE-2026-21420

Vulnrichment

Updated: 2026-02-23T14:32:54.633Z

NVD

Status: Analyzed

Published: 2026-02-23T14:16:21.823

Modified: 2026-02-24T21:56:03.183

Link: CVE-2026-21420

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T11:15:35Z

Weaknesses