Description
UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Incorrect Default Permissions (CWE-276) vulnerability that allows an attacker to execute arbitrary code with SYSTEM privileges by causing the application to load a specially crafted DLL.
Published: 2026-03-05
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

An incorrect default permissions flaw in the Dell UPS Multi-UPS Management Console (MUMC) allows an attacker to load a specially crafted DLL. The vulnerability enables execution of arbitrary code with SYSTEM privileges, effectively providing full control over the host system. This is a classic remote code execution risk classified as CWE-276.

Affected Systems

The Dell UPS Multi-UPS Management Console version 01.06.0001 (A03) is affected. The product is sold by Dell Inc. as the UPS Multi-UPS Management Console.

Risk and Exploitability

The CVSS score of 8.5 indicates high severity, yet the EPSS score is reported as less than 1%, suggesting a very low likelihood of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be local or via the console’s administrative interface, as the description references the application loading a DLL rather than a network-facing component.

Generated by OpenCVE AI on April 16, 2026 at 12:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and apply the latest Dell UPS Multi-UPS Management Console update available from Dell support (driverid 038h3).
  • Restart the UPS Multi-UPS Management Console to ensure the updated binaries are loaded.
  • Restrict the console’s application directory permissions to prevent unauthorized DLL loading and disable directory search if possible.

Generated by OpenCVE AI on April 16, 2026 at 12:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Title Arbitrary Code Execution via Improper DLL Permissions in Dell UPS Console

Mon, 09 Mar 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell ups Multi-ups Management Console
Weaknesses CWE-428
CPEs cpe:2.3:a:dell:ups_multi-ups_management_console:01.06.0001_\(a03\):*:*:*:*:*:*:*
Vendors & Products Dell
Dell ups Multi-ups Management Console

Fri, 06 Mar 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Dell Inc.
Dell Inc. ups Multi-ups Management Console (mumc)
Vendors & Products Dell Inc.
Dell Inc. ups Multi-ups Management Console (mumc)

Thu, 05 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 05 Mar 2026 03:15:00 +0000

Type Values Removed Values Added
Description UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Incorrect Default Permissions (CWE-276) vulnerability that allows an attacker to execute arbitrary code with SYSTEM privileges by causing the application to load a specially crafted DLL.
Weaknesses CWE-276
References
Metrics cvssV3_0

{'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Dell Ups Multi-ups Management Console
Dell Inc. Ups Multi-ups Management Console (mumc)
cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-03-05T15:41:45.919Z

Reserved: 2026-02-10T05:52:34.660Z

Link: CVE-2026-26034

cve-icon Vulnrichment

Updated: 2026-03-05T15:32:41.472Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-05T03:15:54.540

Modified: 2026-03-09T18:43:31.993

Link: CVE-2026-26034

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T13:00:11Z

Weaknesses