Description
Dell Live Optics Windows and Personal Edition collectors contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to loss of confidentiality and integrity.
Published: 2026-05-18
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dell Live Optics Windows and Personal Edition collectors suffer from an improper certificate validation vulnerability (CWE-295) that allows a remote unauthenticated attacker to potentially access confidential information and alter transmitted data.

Affected Systems

The affected products are Dell Live Optics Windows and Personal Edition collectors. No specific version information was provided; all installations of these collectors are potentially vulnerable.

Risk and Exploitability

The CVSS score of 6.8 indicates a medium severity vulnerability. The EPSS score is not available, and it is currently not listed in the CISA KEV catalog. The vulnerability can be exploited over a network by an attacker who does not need authentication and can gain the ability to intercept or tamper with encrypted communications to the collector.

Generated by OpenCVE AI on May 18, 2026 at 11:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell security update for Live Optics Collector (refer to Dell article 000464862).
  • Ensure that the collector enforces proper SSL/TLS certificate validation and does not allow expired or untrusted certificates.
  • Monitor collector logs for unexpected certificate validation failures or unauthorized connection attempts.

Generated by OpenCVE AI on May 18, 2026 at 11:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 19 May 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell live Optics
Vendors & Products Dell
Dell live Optics

Mon, 18 May 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 18 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title Improper SSL Certificate Validation in Dell Live Optics Collector

Mon, 18 May 2026 10:45:00 +0000

Type Values Removed Values Added
Description Dell Live Optics Windows and Personal Edition collectors contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to loss of confidentiality and integrity.
Weaknesses CWE-295
References
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N'}

Subscriptions

Dell Live Optics
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-05-19T03:55:25.048Z

Reserved: 2026-04-17T05:04:42.886Z

Link: CVE-2026-41119

cve-icon Vulnrichment

Updated: 2026-05-18T14:25:18.627Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-18T11:16:16.937

Modified: 2026-05-18T17:45:04.973

Link: CVE-2026-41119

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-19T08:19:00Z

Weaknesses