Description
Dell iDRAC Tools, versions prior to 11.4.1.0, contains an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.
Published: 2026-06-09
Score: 6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dell iDRAC Tools versions before 11.4.1.0 contain an improper link resolution before file access vulnerability. This weakness allows a low‑privileged local attacker to direct the tool to follow a link that references another file path. As a result, the attacker could alter filesystem objects, leading to unauthorized modifications of configuration or system data, thereby compromising data integrity.

Affected Systems

The vulnerability affects Dell iDRAC Tools, specifically all releases earlier than version 11.4.1.0. Users running these older builds may be exposed if they allow local users to interact with the tool.

Risk and Exploitability

The CVSS score of 6 indicates a moderate severity, but the lack of a publicly available exploit and the fact that it targets local low‑privileged users reduces the likelihood of widespread exploitation. The vulnerability is not listed in the CISA KEV catalog and no EPSS score is available. The attacker would need local access, making remote compromise unlikely without further local privilege escalation.

Generated by OpenCVE AI on June 9, 2026 at 09:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Dell iDRAC Tools to version 11.4.1.0 or later to eliminate the link resolution flaw.
  • Restrict local access to the iDRAC Tool to only privileged users or isolate the management network to prevent local attackers from interacting with the tool.
  • Monitor file access and audit logs for abnormal link following activity to detect and investigate potential tampering attempts.

Generated by OpenCVE AI on June 9, 2026 at 09:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
Title Improper Link Resolution in Dell iDRAC Tools Prior to 11.4.1.0
First Time appeared Dell
Dell idrac Tools
Vendors & Products Dell
Dell idrac Tools

Tue, 09 Jun 2026 08:45:00 +0000

Type Values Removed Values Added
Description Dell iDRAC Tools, versions prior to 11.4.1.0, contains an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.
Weaknesses CWE-59
References
Metrics cvssV3_1

{'score': 6, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H'}

Subscriptions

Dell Idrac Tools
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-06-09T12:55:37.851Z

Reserved: 2026-02-25T18:04:25.462Z

Link: CVE-2026-28262

cve-icon Vulnrichment

Updated: 2026-06-09T12:55:33.147Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T09:16:29.037

Modified: 2026-06-09T13:53:24.200

Link: CVE-2026-28262

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T09:30:36Z

Weaknesses