Description
Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Published: 2026-02-12
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Elevation of Privileges
Action: Patch Request
AI Analysis

Impact

The Dell Update Package Framework contains an improper handling of insufficient permissions or privileges that can be abused to elevate a low privileged local attacker to higher system rights. The weakness allows a local user with limited rights to bypass security checks when executing the framework, which is classified as CWE-280. Unchecked privileges can lead to full system compromise and unrestricted access to data and services.

Affected Systems

Dell Update Package (DUP) Framework; versions 23.12.00 through 24.12.00 are affected. These versions are used in Dell systems to apply firmware and driver updates. The issue does not appear in earlier or later releases not listed here.

Risk and Exploitability

The vulnerability has a CVSS score of 8.2 indicating a high severity impact. However, the EPSS score is below 1%, suggesting that exploitation is unlikely in the wild at this time. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog. The attack vector is inferred to be local, requiring an attacker to have some level of local access but not administrative rights. Once the local user exploits the permission flaw, they can gain elevated privileges and potentially gain full control of the affected system.

Generated by OpenCVE AI on April 17, 2026 at 20:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the Dell security update DSA-2026-081 for the Update Package Framework, which resolves the privilege escalation issue.
  • Limit local user accounts to only those explicitly authorized for system maintenance and monitoring for unauthorized accounts.
  • Enforce strict file permission checks on the update package components to prevent unauthorized write or execution by non-administrative users.

Generated by OpenCVE AI on April 17, 2026 at 20:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Improper Handling of Insufficient Permissions in Dell Update Package Framework

Wed, 18 Feb 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Dell update Package Framework
CPEs cpe:2.3:a:dell:update_package_framework:*:*:*:*:*:*:*:*
Vendors & Products Dell update Package Framework

Thu, 12 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 12 Feb 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell update Package
Vendors & Products Dell
Dell update Package

Thu, 12 Feb 2026 02:30:00 +0000

Type Values Removed Values Added
Description Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Weaknesses CWE-280
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}

Subscriptions

Dell Update Package Update Package Framework
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-02-26T14:44:21.920Z

Reserved: 2026-01-16T18:05:07.319Z

Link: CVE-2026-23857

cve-icon Vulnrichment

Updated: 2026-02-12T15:33:28.016Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-12T03:15:47.003

Modified: 2026-02-18T19:33:06.040

Link: CVE-2026-23857

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T20:15:26Z

Weaknesses