Description
Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
Published: 2026-03-16
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Elevation of Privileges
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is an Improper Neutralization of Special Elements used in a Command, also referred to as Command Injection (CWE-77). A local attacker with low privileged access can supply specially crafted input to bypass command sanitization and execute arbitrary system commands, resulting in elevation of privileges on the device. The affected component that processes local user inputs is where the vulnerability resides, inferred from the description of the command processing context.

Affected Systems

Affected product: Dell ThinOS 10. All versions prior to ThinOS 2602_10.0573 are vulnerable. The vulnerability requires local access; no remote exploitation is documented.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity, and the EPSS score is not available, so exploitation likelihood cannot be quantified. The vulnerability is not listed in the CISA KEV catalog, which reduces immediate threat signals. Nonetheless, because the attack vector is local and only low‑privileged access is needed, internal users or compromised local accounts are the primary risk. The likely attack vector is local, inferred from the mention of local low‑privileged access.

Generated by OpenCVE AI on March 17, 2026 at 05:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell ThinOS 2602_10.0573 patch or newer to remove the command injection flaw.
  • Verify that the device firmware is at least version 2602_10.0573; if it is older, upgrade the firmware to the latest Dell ThinOS release.

Generated by OpenCVE AI on March 17, 2026 at 05:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
Title Dell ThinOS 10 Command Injection Elevating Privileges

Tue, 17 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell thinos
Vendors & Products Dell
Dell thinos

Mon, 16 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 17:45:00 +0000

Type Values Removed Values Added
Description Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
Weaknesses CWE-77
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Dell Thinos
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-03-17T03:55:37.692Z

Reserved: 2026-01-16T18:05:07.319Z

Link: CVE-2026-23862

cve-icon Vulnrichment

Updated: 2026-03-16T18:35:15.520Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-16T18:16:06.980

Modified: 2026-03-17T14:20:01.670

Link: CVE-2026-23862

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:50:08Z

Weaknesses