{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23862", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2026-01-16T18:05:07.319Z", "datePublished": "2026-03-16T17:28:44.696Z", "dateUpdated": "2026-03-17T03:55:37.692Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-03-16T17:48:52.676Z"}, "datePublic": "2026-03-16T17:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", "type": "CWE"}]}], "affected": [{"vendor": "Dell", "product": "ThinOS 10", "versions": [{"status": "affected", "version": "0", "lessThan": "2602_10.0573_T10", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges."}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000435801/dsa-2026-122", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-16T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-23862"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T03:55:37.692Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-23862", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-16T18:35:11.328399Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T18:35:15.520Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "ThinOS 10", "versions": [{"status": "affected", "version": "0", "lessThan": "2602_10.0573_T10", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2026-03-16T17:00:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000435801/dsa-2026-122", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.0"}, "descriptions": [{"lang": "en", "value": "Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.", "supportingMedia": [{"type": "text/html", "value": "Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-03-16T17:48:52.676Z"}}}, "cveMetadata": {"cveId": "CVE-2026-23862", "state": "PUBLISHED", "dateUpdated": "2026-03-17T03:55:37.692Z", "dateReserved": "2026-01-16T18:05:07.319Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2026-03-16T17:28:44.696Z", "assignerShortName": "dell"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges."}], "id": "CVE-2026-23862", "lastModified": "2026-03-17T14:20:01.670", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2026-03-16T18:16:06.980", "references": [{"source": "security_alert@emc.com", "url": "https://www.dell.com/support/kbdoc/en-us/000435801/dsa-2026-122"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "security_alert@emc.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2602_10.0573_T10)"}}], "enrichment": {"confidence": 85.0, "confidence_source": "inferred", "scores": [{"score": 85.0, "source": "inferred"}, {"score": 88.0, "source": "matching"}]}, "original": {"product": "ThinOS 10", "source": "cna", "vendor": "Dell"}, "product": "thinos", "vendor": "dell"}], "analysis": {"en": {"generated_at": "2026-03-17T05:50:50.596051+00:00", "value": {"mitigation_remediation": ["Apply the Dell ThinOS 2602_10.0573 patch or newer to remove the command injection flaw.", "Verify that the device firmware is at least version 2602_10.0573; if it is older, upgrade the firmware to the latest Dell ThinOS release."], "summary": {"action": "Immediate Patch", "impact": "Elevation of Privileges"}, "threat_synthesis": {"affected_systems": "Affected product: Dell ThinOS\u00a010. All versions prior to ThinOS\u00a02602_10.0573 are vulnerable. The vulnerability requires local access; no remote exploitation is documented.", "description_and_impact": "The vulnerability is an Improper Neutralization of Special Elements used in a Command, also referred to as Command Injection (CWE-77). A local attacker with low privileged access can supply specially crafted input to bypass command sanitization and execute arbitrary system commands, resulting in elevation of privileges on the device. The affected component that processes local user inputs is where the vulnerability resides, inferred from the description of the command processing context.", "risk_and_exploitability": "The CVSS score of 7.8 indicates a high severity, and the EPSS score is not available, so exploitation likelihood cannot be quantified. The vulnerability is not listed in the CISA KEV catalog, which reduces immediate threat signals. Nonetheless, because the attack vector is local and only low\u2011privileged access is needed, internal users or compromised local accounts are the primary risk. The likely attack vector is local, inferred from the mention of local low\u2011privileged access."}}}}, "created": "2026-03-17T09:52:28.145675+00:00", "title": "Dell ThinOS 10 Command Injection Elevating Privileges", "updated": "2026-03-24T10:50:08.619765+00:00", "vendors": ["dell", "dell$PRODUCT$thinos"]}