Description
Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Published: 2026-02-12
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The Dell iDRAC Service Module for Windows (before v6.0.3.1) and Linux (before v5.4.1.1) contains an improper access control flaw that allows a user with local low privileges to gain elevated privileges on the host; this elevation could enable the attacker to perform administrative actions that are normally restricted to privileged accounts, thereby compromising the integrity of the system. The weakness is categorized as CWE-284.

Affected Systems

Dell iDRAC Service Module for Windows versions earlier than 6.0.3.1 and Dell iDRAC Service Module for Linux versions earlier than 5.4.1.1 are affected; these modules run on Dell servers and provide remote management capabilities.

Risk and Exploitability

The CVSS base score of 7.8 indicates high severity, yet the EPSS score of less than 1% shows that exploitation is currently considered unlikely in the wild; the vulnerability requires local, low‑privileged access, and it is not listed in the CISA KEV catalog, so there is no evidence of active exploitation yet.

Generated by OpenCVE AI on April 18, 2026 at 18:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Dell Security Advisory DSA-2026-077 and upgrade iSM to version 6.0.3.1 on Windows or 5.4.1.1 on Linux; these releases contain the fix for the access control flaw.
  • Restrict local user accounts to the least privileges required for their duties and disable any unused local accounts to reduce the attack surface.
  • Enforce proper authentication and authorization controls for any services running on the iSM to ensure only authorized local users can perform privileged actions.


Advisories

No advisories yet.

History

Sat, 18 Apr 2026 18:30:00 +0000

Type: Title
Values Added: Improper Access Control in Dell iDRAC Service Module Enables Local Privilege Escalation

Thu, 12 Feb 2026 16:15:00 +0000

Type: Metrics
Values Added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 12 Feb 2026 09:45:00 +0000

Type: First Time appeared
Values Added: Dell; Dell idrac Service Module
Type: Vendors & Products
Values Added: Dell; Dell idrac Service Module

Thu, 12 Feb 2026 02:30:00 +0000

Type: Description
Values Added: Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Type: Weaknesses
Values Added: CWE-284
Type: References
Type: Metrics
Values Added: cvssV3_1
{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Dell Idrac Service Module
MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-02-26T14:44:22.068Z

Reserved: 2026-01-16T18:05:07.319Z

Link: CVE-2026-23856

Vulnrichment

Updated: 2026-02-12T15:34:14.239Z

NVD

Status : Deferred

Published: 2026-02-12T03:15:46.833

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-23856

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T18:15:06Z

Weaknesses