Description
Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
Published: 2026-06-25
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an OS command injection flaw in Dell Display and Peripheral Manager (DDPM Mac) versions earlier than 2.3. A low‑privileged local attacker can supply crafted input that the software interprets as operating system commands, potentially executing arbitrary commands. The weakness is identified as CWE-78, and the impact is that confidentiality, integrity, and availability could be compromised if malicious commands are run.

Affected Systems

The affected product is Dell Display and Peripheral Manager on macOS, in any deployment running a version older than 2.3. Systems where users have local access and can run DDPM are susceptible.

Risk and Exploitability

The CVSS score of 7.8 categorizes this as high severity. No EPSS score is available, but the lack of data does not negate the potential for exploitation. The vulnerability is not listed in the CISA KEV catalog, but that does not reduce its risk. The likely attack vector is local access: a low‑privileged user must be able to interact with DDPM on the host. Once the flaw is triggered, the attacker can execute any command with the privileges of the DDPM process.

Generated by OpenCVE AI on June 25, 2026 at 15:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Dell Display and Peripheral Manager to version 2.3 or later to eliminate the injection flaw
  • If upgrading is not immediately possible, restrict access to the DDPM application by applying user‑level controls or disabling it for untrusted users
  • Monitor system logs for unexpected command execution or DDPM activity to detect potential exploitation



Advisories

No advisories yet.

History

Thu, 25 Jun 2026 16:30:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 16:15:00 +0000

Type: Title
Values Removed: (none)
Values Added: Dell Display and Peripheral Manager OS Command Injection Vulnerability

Thu, 25 Jun 2026 14:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-78

Type: References
Values Removed: (none)
Values Added: (none shown)

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}



MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-06-25T14:52:56.973Z

Reserved: 2026-05-17T17:04:27.066Z

Link: CVE-2026-46735

Vulnrichment

Updated: 2026-06-25T14:52:52.607Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T16:00:12Z

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')