Description
Dell Display and Peripheral Manager (DDPM Windows), versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
Published: 2026-06-25
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dell Display and Peripheral Manager for Windows contains an improper access control flaw (CWE‑284). A local user with low privileges could bypass security checks and obtain the ability to execute code on the affected system. This vulnerability directly threatens the confidentiality and integrity of any data or processes accessed by the compromised account.

Affected Systems

The issue is present in Dell Display and Peripheral Manager versions older than 2.3 on Windows operating systems. No other products or versions are listed as affected.

Risk and Exploitability

The vulnerability is scored with a CVSS of 7.8, indicating high severity. The EPSS score is not available and the vulnerability is not currently listed in the CISA KEV catalog. Exploitability requires local, low‑privileged access; therefore, the attack vector is likely local. While it is not known to be actively exploited in the wild, the combination of a high CVSS score and local code execution potential warrants prompt mitigation.

Generated by OpenCVE AI on June 25, 2026 at 15:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Dell Display and Peripheral Manager to version 2.3 or later to fix the improper access control issue.
  • If immediate patching is not possible, restrict low‑privileged local accounts from accessing the DDPM service and consider disabling the application if it is not required for critical operations.
  • Apply any vendor‑issued security settings or workarounds that limit execution privileges for the DDPM program.

Generated by OpenCVE AI on June 25, 2026 at 15:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 00:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell display And Peripheral Manager
Vendors & Products Dell
Dell display And Peripheral Manager

Thu, 25 Jun 2026 16:15:00 +0000

Type Values Removed Values Added
Title Improper Access Control Allows Local Code Execution in Dell Display and Peripheral Manager

Thu, 25 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
Description Dell Display and Peripheral Manager (DDPM Windows), versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
Weaknesses CWE-284
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Dell Display And Peripheral Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-06-26T03:55:48.131Z

Reserved: 2026-05-17T17:04:27.066Z

Link: CVE-2026-46733

cve-icon Vulnrichment

Updated: 2026-06-25T23:25:20.703Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T23:00:13Z

Weaknesses