Description
Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write
Published: 2026-04-29
Score: 6.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in Dell/Alienware Purchased Apps is an improper link resolution before file access, allowing a low‑privileged attacker who already has local access to write arbitrary files. This issue is categorized as CWE‑59 and can compromise data integrity by letting an attacker overwrite or inject files.

Affected Systems

Dell/Alienware Purchased Apps versions earlier than 1.1.31.0 are affected. The problem exists in the default installation of these apps; newer releases are not impacted.

Risk and Exploitability

The CVSS score of 6.3 indicates moderate severity. Because the exploit requires local execution with low privileges, the attack vector is local. The EPSS score is not available, but the vulnerability is not listed in CISA’s KEV catalog, suggesting limited public exploitation data. Organizations should treat the risk as moderate and remediate promptly.

Generated by OpenCVE AI on April 29, 2026 at 21:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Dell/Alienware Purchased Apps 1.1.31.0 or later, which addresses the link resolution flaw.
  • Restrict file system permissions in the application directory to prevent local users from writing files, ensuring that write access is limited to the application process only.
  • Monitor the application and system logs for unexpected file modifications or privilege escalations, and investigate any suspicious activity immediately.

Generated by OpenCVE AI on April 29, 2026 at 21:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 30 Apr 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell alienware Purchased Apps
Vendors & Products Dell
Dell alienware Purchased Apps

Wed, 29 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Title Improper Link Resolution Before File Access Enables Arbitrary File Write

Wed, 29 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 29 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
Description Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write
Weaknesses CWE-59
References
Metrics cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H'}

Subscriptions

Dell Alienware Purchased Apps
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-04-29T19:30:57.447Z

Reserved: 2026-02-17T18:05:21.467Z

Link: CVE-2026-27105

cve-icon Vulnrichment

Updated: 2026-04-29T19:30:52.331Z

cve-icon NVD

Status : Received

Published: 2026-04-29T19:16:22.910

Modified: 2026-04-29T19:16:22.910

Link: CVE-2026-27105

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T08:20:57Z

Weaknesses