Description
Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Incorrect Authorization vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
Published: 2026-03-04
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Elevation of Privileges
Action: Patch ASAP
AI Analysis

Impact

The vulnerability resides in the Dell Device Management Agent, where an incorrect authorization check allows a low‑privileged local user to gain higher system privileges. This could lead to unauthorized configuration changes, elevated privileges and potentially full system control. The weakness is identified as CWE‑863, an authorization bypass.

Affected Systems

Affected systems are Dell devices running a Device Management Agent version earlier than 26.02. The vulnerability applies to all subsystems that rely on the DDMA component, regardless of the platform or operating system on which the agent is installed.

Risk and Exploitability

The CVSS base score is 5.5, indicating moderate risk. The EPSS is under 1% and the vulnerability is not in the KEV list, reflecting low current exploitation probability. However, exploitation requires local access with low privileges, so any local user who can execute code on the device may potentially leverage the flaw. There is no publicly disclosed exploit at this time, but an attacker could obtain elevated privileges by exploiting the missing authorization check.

Generated by OpenCVE AI on April 16, 2026 at 13:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell Device Management Agent 26.02 or newer update per the Dell support KB.
  • Restrict local user privileges to prevent execution of DDMA configuration processes until a patch is applied.
  • Disable the DDMA service or component if it is not required for device management until a patch is available.


Advisories

No advisories yet.

History

Thu, 16 Apr 2026 14:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Elevation of Privileges via Incorrect Authorization in Dell Device Management Agent |

Thu, 05 Mar 2026 22:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Dell device Management Agent |
| CPEs | | cpe:2.3:a:dell:device_management_agent:*:*:*:*:*:*:*:* |
| Vendors & Products | | Dell device Management Agent |

Thu, 05 Mar 2026 09:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Dell, Dell device Management Agent (ddma) |
| Vendors & Products | | Dell, Dell device Management Agent (ddma) |

Wed, 04 Mar 2026 19:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 04 Mar 2026 17:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Incorrect Authorization vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. |
| Weaknesses | | CWE-863 |
| References | | |
| Metrics | | cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'} |


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-03-04T18:47:02.866Z

Reserved: 2026-02-16T18:04:20.509Z

Link: CVE-2026-26949

Vulnrichment

Updated: 2026-03-04T18:46:55.132Z

NVD

Status: Analyzed

Published: 2026-03-04T18:16:29.190

Modified: 2026-06-17T10:26:26.207

Link: CVE-2026-26949

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T13:45:21Z

Weaknesses