Description
Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access control vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information exposure.
Published: 2026-06-02
Score: 6.1 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An improper access control flaw exists in Dell ThinOS 10 versions earlier than 2602_10.0765. The vulnerability allows an attacker who is unauthenticated but has physical access to a device to read sensitive information. The primary consequence is the disclosure of data that should be protected, affecting confidentiality without necessarily compromising integrity or availability.

Affected Systems

Dell ThinOS 10 environments running firmware prior to 2602_10.0765. The flaw applies to all models that ship with a ThinOS 10 operating system before the specified build number.

Risk and Exploitability

The CVSS score of 6.1 indicates a moderate severity. The attack requires physical proximity and no network connectivity, so the probability of exploitation depends largely on the physical security of the environment. While the EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, the potential for information exposure remains significant in settings where physical access is a risk.

Generated by OpenCVE AI on June 2, 2026 at 18:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade ThinOS 10 to version 2602_10.0765 or later to eliminate the improper access control flaw.
  • If an immediate upgrade is not possible, restrict physical access to affected devices, enforce strict access policies, and monitor for unauthorized entry.
  • Configure network and local access controls to limit management interface exposure, ensuring that only authorized personnel can interact with the operating system.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 02:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Dell, Dell thinos |
| Vendors & Products | | Dell, Dell thinos |

Tue, 02 Jun 2026 18:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Improper Access Control in Dell ThinOS 10 Leading to Information Exposure |

Tue, 02 Jun 2026 18:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Tue, 02 Jun 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access control vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information exposure. |
| Weaknesses | | CWE-284 |
| References | | |
| Metrics | | cvssV3_1 {'score': 6.1, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'} |


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-06-02T17:22:36.763Z

Reserved: 2026-04-15T05:04:31.837Z

Link: CVE-2026-40713

Vulnrichment

Updated: 2026-06-02T17:22:33.937Z

NVD

Status: Awaiting Analysis

Published: 2026-06-02T17:16:29.417

Modified: 2026-06-02T17:18:50.850

Link: CVE-2026-40713

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T20:00:12Z

Weaknesses