CVE-2026-26945 - Vulnerability Details

- Process Control Vulnerability in Dell Integrated Dell Remote Access Controller (iDRAC)

Description

Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions prior to 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain a Process Control vulnerability. A high privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to code execution.

Published: 2026-03-18

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A process control flaw exists in Dell Integrated Dell Remote Access Controller firmware versions before 7.00.00.181 for iDRAC 9/14G, 7.20.10.50 for iDRAC 15G/16G, and 1.20.25.00 for iDRAC 10/17G. Key detail from vendor description: a high‑privileged attacker with adjacent network access could exploit this vulnerability, leading to code execution. The weakness is identified as CWE‑114 (Process Control).

Affected Systems

Affected systems are Dell iDRAC firmware versions: iDRAC 9/14G prior to 7.00.00.181; iDRAC 15G/16G prior to 7.20.10.50; iDRAC 10/17G prior to 1.20.25.00. Users of any of these firmware releases are potentially vulnerable.

Risk and Exploitability

The CVSS score is 5.3, indicating moderate severity. EPSS data is not available and the vulnerability is not listed in CISA’s KEV catalog, suggesting it has not been actively exploited publicly yet. Based on the description, the likely attack vector requires the attacker to have high privilege on the same network as the iDRAC, implying the need for close network proximity or credential compromise. The vulnerability permits remote code execution if exploited, which could allow an attacker to take control of the server through the iDRAC interface.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Dell

Integrated Dell Remote Access Controller

unaffected

Version	Status	Constraints
`0`	affected	< 7.00.00.181 or later
`0`	affected	< 7.20.10.50 or later
`0`	affected	< 1.20.25.00 or later

No data.

Vendor Product Confidence Versions

Dell

Integrated Dell Remote Access Controller 8

98%

Version	Status	Scheme	Platform
`[0,7.00.00.181)`	affected	generic	—
`[0,7.20.10.50)`	affected	generic	—
`[0,1.20.25.00)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update iDRAC firmware to at least 7.00.00.181 for iDRAC 9/14G, 7.20.10.50 for iDRAC 15G/16G, or 1.20.25.00 for iDRAC 10/17G using the Dell security update referenced in the knowledge base article.
If immediate firmware update is not possible, restrict local administrative or remote control access to the iDRAC and monitor for unusual activity from adjacent network segments.
Consult Dell support for guidance on temporary mitigations if the firmware update cannot be applied in the short term.

Generated by OpenCVE AI on March 18, 2026 at 19:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00059.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000434533/dsa-2026-113-security-update-for-dell-idrac9-and-idrac10-vulnerabilities

History

Tue, 24 Mar 2026 13:30:00 +0000

Type	Values Removed	Values Added
Title		Process Control Vulnerability in Dell Integrated Dell Remote Access Controller (iDRAC)

Thu, 19 Mar 2026 09:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dell Dell integrated Dell Remote Access Controller 8
Vendors & Products		Dell Dell integrated Dell Remote Access Controller 8

Wed, 18 Mar 2026 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 18 Mar 2026 18:00:00 +0000

Type	Values Removed	Values Added
Description		Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions prior to 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain a Process Control vulnerability. A high privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to code execution.
Weaknesses		CWE-114
References		https://www.dell.com/support/kbdoc/en-us/000434533/dsa-2026-113-security-update-for-dell-idrac9-and-idrac10-vulnerabilities
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L'}`

Subscriptions

Dell Integrated Dell Remote Access Controller 8

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2026-03-18T17:27:23.742Z

Updated: 2026-03-18T18:13:41.928Z

Reserved: 2026-02-16T18:04:20.508Z

Link: CVE-2026-26945

Vulnrichment

Updated: 2026-03-18T18:11:57.040Z

NVD

Status : Awaiting Analysis

Published: 2026-03-18T18:16:26.347

Modified: 2026-03-19T13:25:00.570

Link: CVE-2026-26945

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:58:26Z

Weaknesses

CWE-114

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object