Description
Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.
Published: 2026-07-03
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the Dell Client Platform BIOS and allows an attacker to bypass primary authentication mechanisms by exploiting a credential handling weakness identified as CWE‑305. This flaw can enable unauthorized reading of sensitive information stored within the system, resulting in information disclosure.

Affected Systems

The flaw affects Dell’s entire range of client devices, including XPS, Inspiron, Latitude, Vostro, Alienware, Precision, and many other laptop, ultrabook, and all‑in‑one models listed in the CNA data. All devices using the affected BIOS firmware and lacking the latest update are susceptible.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity threat. EPSS is not available and the vulnerability is not listed in CISA’s KEV catalog. An attacker with physical proximity to a device can exploit the authentication bypass without needing credentials, potentially reading protected data from memory or storage. The risk is confined to environments where device security cannot be strictly enforced, but the impact of unauthorized disclosure could be significant for corporate assets.

Generated by OpenCVE AI on July 3, 2026 at 17:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest BIOS update as referenced in Dell's DSA‑2026‑195 support article.
  • Restrict physical access to affected devices by using lock cabinets, key‑controlled access, and monitoring of the device area.
  • Enable BIOS password protection and configure secure boot settings to prevent unauthorized firmware access.

Generated by OpenCVE AI on July 3, 2026 at 17:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 03 Jul 2026 17:45:00 +0000

Type Values Removed Values Added
Title BIOS Authentication Bypass Enables Information Disclosure with Physical Attack

Fri, 03 Jul 2026 09:00:00 +0000

Type Values Removed Values Added
Description Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.
Weaknesses CWE-305
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-07-03T08:54:57.716Z

Reserved: 2026-04-01T17:04:27.475Z

Link: CVE-2026-35159

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-03T17:30:15Z

Weaknesses
  • CWE-305

    Authentication Bypass by Primary Weakness