Description
Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write
Published: 2026-06-09
Score: 6.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dell/Alienware Purchased Apps versions prior to 1.1.32.0 contain an Improper Link Resolution Before File Access (Link Following) flaw. A low‑privileged user with local access could craft a malformed link that the application resolves to an arbitrary target, resulting in a writable file location of the attacker’s choosing. The impact is the ability to overwrite or create files, potentially compromising the application or the host system.

Affected Systems

The vulnerability affects Dell’s Alienware Purchased Apps software released before version 1.1.32.0. No specific hardware or operating system constraints are listed, so the issue applies to any deployment of those software versions.

Risk and Exploitability

The CVSS score of 6.3 indicates moderate severity. The EPSS score is unavailable, so the likelihood of exploitation is unknown, but the issue is not listed in CISA’s KEV catalog. The attack vector is inferred to be local because the description states a low‑privileged attacker with local access can exploit it. To exploit the flaw, the attacker must create a link that bypasses proper resolution checks and write to a target file, which requires the application’s write permissions. No publicly known exploit is documented.

Generated by OpenCVE AI on June 9, 2026 at 21:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Alienware Purchased Apps to version 1.1.32.0 or later, which removes the link‑following flaw.
  • Re‑configure the application’s user permissions to limit write access to only the directories required for normal operation, preventing arbitrary file modifications.
  • Implement file integrity monitoring to detect unexpected changes to critical binaries or configuration files that could indicate exploitation attempts.

Generated by OpenCVE AI on June 9, 2026 at 21:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
Description Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write
Weaknesses CWE-59
References
Metrics cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-06-09T19:33:43.044Z

Reserved: 2026-05-05T17:04:45.714Z

Link: CVE-2026-44275

cve-icon Vulnrichment

Updated: 2026-06-09T19:33:38.938Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T18:16:49.293

Modified: 2026-06-09T19:30:24.713

Link: CVE-2026-44275

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T21:15:05Z

Weaknesses