{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26033", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2026-02-10T05:52:34.659Z", "datePublished": "2026-03-05T02:24:09.981Z", "dateUpdated": "2026-03-05T15:41:51.417Z"}, "containers": {"cna": {"affected": [{"vendor": "Dell Inc.", "product": "UPS Multi-UPS Management Console (MUMC)", "versions": [{"version": "01.06.0001 (A03)", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Unquoted Search Path or Element (CWE-428) vulnerability, which allows a user with write access to a directory on the system drive to execute arbitrary code with SYSTEM privileges."}], "problemTypes": [{"descriptions": [{"description": "Unquoted search path or element", "lang": "en-US", "cweId": "CWE-428", "type": "CWE"}]}], "references": [{"url": "https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=038h3"}, {"url": "https://jvn.jp/en/jp/JVN56544509/"}], "tags": ["unsupported-when-assigned"], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseSeverity": "MEDIUM", "baseScore": 6.7, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.4, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-03-05T02:24:09.981Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-05T15:32:42.504056Z", "id": "CVE-2026-26033", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T15:41:51.417Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26033", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-05T15:32:42.504056Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T15:32:43.611Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 8.4, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell Inc.", "product": "UPS Multi-UPS Management Console (MUMC)", "versions": [{"status": "affected", "version": "01.06.0001 (A03)"}]}], "references": [{"url": "https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=038h3"}, {"url": "https://jvn.jp/en/jp/JVN56544509/"}], "descriptions": [{"lang": "en", "value": "UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Unquoted Search Path or Element (CWE-428) vulnerability, which allows a user with write access to a directory on the system drive to execute arbitrary code with SYSTEM privileges."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-428", "description": "Unquoted search path or element"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-03-05T02:24:09.981Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26033", "state": "PUBLISHED", "dateUpdated": "2026-03-05T15:41:51.417Z", "dateReserved": "2026-02-10T05:52:34.659Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2026-03-05T02:24:09.981Z", "assignerShortName": "jpcert"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:ups_multi-ups_management_console:01.06.0001_\\(a03\\):*:*:*:*:*:*:*", "matchCriteriaId": "6D712110-5CBE-465C-B83B-30ACA1CFF098", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "vultures@jpcert.or.jp", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Unquoted Search Path or Element (CWE-428) vulnerability, which allows a user with write access to a directory on the system drive to execute arbitrary code with SYSTEM privileges."}], "id": "CVE-2026-26033", "lastModified": "2026-03-09T18:43:50.357", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2026-03-05T03:15:54.333", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN56544509/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Product"], "url": "https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=038h3"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-428"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "01.06.0001 (A03)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "UPS Multi-UPS Management Console (MUMC)", "source": "cna", "vendor": "Dell Inc."}, "product": "ups_multi-ups_management_console_(mumc)", "vendor": "dell_inc."}], "analysis": {"en": {"generated_at": "2026-04-16T12:58:42.705513+00:00", "value": {"mitigation_remediation": ["Apply Dell\u2019s latest update for the UPS Multi\u2011UPS Management Console (driverid\u202f038h3) to replace the vulnerable executable with a fixed version.", "Restrict write permissions on any directories located on the system drive so that only trusted administrators can add or modify files, preventing the placement of malicious binaries in those paths.", "If a patch is not available immediately, move the console\u2019s executable files to a directory that is not part of an unquoted search path or modify the environment so that the system\u2019s search path includes only quoted entries, thereby blocking unquoted-path execution."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary Code Execution with SYSTEM privileges"}, "threat_synthesis": {"affected_systems": "Systems running Dell Inc.\u2019s UPS Multi\u2011UPS Management Console, specifically version\u202f01.06.0001 (A03), are affected. No other Dell UPS software versions are listed as impacted in the available data. The vulnerability is tied to the console\u2019s handling of unquoted paths during executable resolution on the system drive.", "description_and_impact": "The Dell UPS Multi\u2011UPS Management Console (MUMC) version\u202f01.06.0001 (A03) implements an unquoted search path mechanism that is exploited by an attacker to direct the system to execute a malicious file that the attacker has placed in a writable directory on the system drive. This flaw falls under CWE\u2011428 and allows an attacker to run arbitrary code with SYSTEM privileges, thereby compromising confidentiality, integrity, and availability of the UPS system as well as any other services running on the same machine.", "risk_and_exploitability": "The CVSS score of 8.4 marks this flaw as high severity. The EPSS score being less than\u202f1\u202f% indicates a very low estimated exploitation probability at this time, and the vulnerability is not currently tracked in CISA\u2019s KEV catalog. However, the attack requires a local user with write access to a system\u2011drive directory, so if such privileges are available, the exploitation is straightforward and the impact is immediate. The high privilege escalation potential warrants urgent attention, even though the likelihood of deployment in the wild remains low."}}}}, "created": "2026-03-06T15:17:57.231341+00:00", "title": "Unquoted Search Path in Dell UPS Multi\u2011UPS Management Console Enables Arbitrary Code Execution", "updated": "2026-04-16T13:00:11.091545+00:00", "vendors": ["dell_inc.", "dell_inc.$PRODUCT$ups_multi-ups_management_console_(mumc)"]}