Description
Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.174, 15G and 16G versions prior to 7.10.90.00, contain an Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.
Published: 2026-03-18
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

Dell Integrated Dell Remote Access Controller 9 firmware, 14G versions prior to 7.00.00.174 and 15G and 16G versions prior to 7.10.90.00, contains sensitive debug information that is not properly cleared. This leads to an exposure of sensitive system information. The vulnerability is categorized as CWE-1258, which indicates inappropriate inclusion of debug data that can expose confidential information. As a result, an attacker can potentially retrieve sensitive data, compromising the confidentiality of the device and potentially of the host system it manages.

Affected Systems

Dell iDRAC9 and iDRAC10 firmware releases from the 9 and 14G family before 7.00.00.174 and from the 15G and 16G family before 7.10.90.00 are affected. These include all deployments of the Integrated Dell Remote Access Controller that run the specified firmware versions on Dell servers.

Risk and Exploitability

The CVSS score of 4.9 indicates a low‑to‑moderate severity. The description confirms that a high privileged attacker with remote access can exploit the flaw. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting it is not widely exploited yet. However, the attacker must have remote access and elevated privileges to the iDRAC interface to retrieve the exposed debug data, which suggests a targeted attack rather than mass exploitation.

Generated by OpenCVE AI on March 18, 2026 at 19:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell iDRAC security update to firmware version 7.00.00.174 or higher for iDRAC9 and iDRAC10 14G, and to 7.10.90.00 or higher for iDRAC10 15G and 16G as detailed in the Dell support advisory.
  • If immediate patching is not possible, restrict external network access to the iDRAC interface to trusted administrators only and disable any debug logging features if configurable.



Advisories

No advisories yet.

History

Tue, 24 Mar 2026 13:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Exposure of Sensitive System Information Due to Uncleared Debug Information in Dell iDRAC9 and iDRAC10 |

Thu, 19 Mar 2026 09:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Dell; Dell integrated Dell Remote Access Controller 8 |
| Vendors & Products | | Dell; Dell integrated Dell Remote Access Controller 8 |

Wed, 18 Mar 2026 19:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 18 Mar 2026 18:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.174, 15G and 16G versions prior to 7.10.90.00, contain an Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. |
| Weaknesses | | CWE-1258 |
| References | | |
| Metrics | | cvssV3_1: {'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'} |


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-03-18T18:14:17.609Z

Reserved: 2026-02-16T18:04:20.509Z

Link: CVE-2026-26948

Vulnrichment

Updated: 2026-03-18T18:14:12.952Z

NVD

Status: Awaiting Analysis

Published: 2026-03-18T18:16:26.530

Modified: 2026-03-19T13:25:00.570

Link: CVE-2026-26948

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:58:25Z

Weaknesses