Description
Dell Automation Platform versions prior to 2.0.0.0 contain a missing authorization vulnerability. A low-privileged attacker with remote access could potentially exploit this vulnerability, leading to elevation of privileges.
Published: 2026-05-11
Score: 8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dell Automation Platform versions earlier than 2.0.0.0 contain a missing authorization flaw that allows an attacker with low privilege and remote access to gain higher privileges on the system. The vulnerability is a classic example of improper authorization (CWE-862) and can lead to unauthorized execution of privileged operations. It does not involve code execution or denial of service, but it gives the attacker control that can be used to compromise the platform’s integrity and confidentiality.

Affected Systems

The bug affects Dell’s Automation Platform; all releases with a version number older than 2.0.0.0 are vulnerable. According to the CNA data, no other Dell products or later releases are impacted.

Risk and Exploitability

The CVSS score of 8 indicates a high-severity vulnerability. The EPSS score of less than 1% means the historical probability of exploitation is low, and the flaw is not yet listed in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector is a low-privileged user with remote access whose actions go through because the authorization check is missing. If exploited, the attacker can elevate their privileges, potentially leading to full control over the platform.

Generated by OpenCVE AI on May 11, 2026 at 17:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Dell Automation Platform update DSA-2026-193 to obtain the fix for the missing authorization issue.
  • Configure and enforce role‑based access controls to limit which operations can be performed by remote users.
  • Restrict remote access to the Automation Platform to trusted IP ranges or VPN connections to reduce the attack surface.


Advisories

No advisories yet.

History

Tue, 12 May 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell automation Platform
Vendors & Products Dell
Dell automation Platform

Mon, 11 May 2026 17:30:00 +0000

Type Values Removed Values Added
Title Missing Authorization Leading to Privilege Escalation in Dell Automation Platform

Mon, 11 May 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 11 May 2026 15:15:00 +0000

Type Values Removed Values Added
Description Dell Automation Platform versions prior to 2.0.0.0 contain a missing authorization vulnerability. A low-privileged attacker with remote access could potentially exploit this vulnerability, leading to elevation of privileges.
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-05-11T15:50:44.710Z

Reserved: 2026-03-12T17:04:27.868Z

Link: CVE-2026-32658

Vulnrichment

Updated: 2026-05-11T15:50:10.654Z

NVD

Status: Awaiting Analysis

Published: 2026-05-11T10:16:13.370

Modified: 2026-05-12T14:17:10.613

Link: CVE-2026-32658

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T09:23:24Z

Weaknesses