Description
Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
Published: 2026-04-08
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Information Exposure
Action: Patch
AI Analysis

Impact

The flaw is an incorrect permission assignment that allows a local user with low privileges to access critical resources managed by the Dell PowerProtect Agent Service. This can expose confidential data that the agent processes or stores, which makes it an information disclosure risk. The weakness corresponds to CWE-732 (Incorrect Permission Assignment for Critical Resource), which covers resources whose permissions permit unauthorized access to sensitive data.

Affected Systems

Dell PowerProtect Agent Service, versions earlier than 20.1, installed on Dell PowerProtect solutions that include the agent component. Systems that have not yet been upgraded to version 20.1 or later are affected.

Risk and Exploitability

The CVSS base score of 3.3 indicates low severity. The EPSS score is not available, leaving the likelihood of exploitation uncertain. The vulnerability is not listed in the CISA KEV catalog. Because the attack requires local access with a low‑privileged account, the threat is limited to systems that can be accessed physically or remotely with low‑privileged credentials. The overall risk is low to moderate, and remediation by patching is strongly recommended.

Generated by OpenCVE AI on April 8, 2026 at 12:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell PowerProtect Data Manager security update to version 20.1 or later.
  • Verify that the update was installed correctly and that the PowerProtect Agent service restarts successfully.
  • If patching cannot be performed immediately, restrict local user access to the PowerProtect Agent executable and its related directories to reduce the chance of information exposure.
  • Monitor system logs for signs of unauthorized data access after remediation.

Advisories

No advisories yet.

History

Thu, 09 Apr 2026 08:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Dell; Dell powerprotect Agent |
| Vendors & Products | | Dell; Dell powerprotect Agent |

Wed, 08 Apr 2026 20:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Information Exposure via Improper Permission Assignment in Dell PowerProtect Agent Service |

Wed, 08 Apr 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 08 Apr 2026 11:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. |
| Weaknesses | | CWE-732 |
| References | | |
| Metrics | | cvssV3_1: {'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'} |


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-04-08T14:16:22.270Z

Reserved: 2026-02-25T18:04:25.462Z

Link: CVE-2026-28264

Vulnrichment

Updated: 2026-04-08T14:16:18.733Z

NVD

Status: Awaiting Analysis

Published: 2026-04-08T12:16:21.110

Modified: 2026-04-08T21:26:13.410

Link: CVE-2026-28264

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-09T08:21:55Z

Weaknesses