{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26945", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2026-02-16T18:04:20.508Z", "datePublished": "2026-03-18T17:27:23.742Z", "dateUpdated": "2026-03-18T18:13:41.928Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-03-18T17:27:23.742Z"}, "datePublic": "2026-03-17T06:30:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-114", "description": "CWE-114: Process Control", "type": "CWE"}]}], "affected": [{"vendor": "Dell", "product": "Integrated Dell Remote Access Controller", "versions": [{"status": "affected", "version": "0", "lessThan": "7.00.00.181 or later", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "7.20.10.50 or later", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "1.20.25.00 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions prior to 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain a Process Control vulnerability. A high privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to code execution.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions prior to 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain a Process Control vulnerability. A high privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to code execution."}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000434533/dsa-2026-113-security-update-for-dell-idrac9-and-idrac10-vulnerabilities", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "LOW", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-18T18:11:54.657488Z", "id": "CVE-2026-26945", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T18:13:41.928Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26945", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-18T18:11:54.657488Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T18:11:57.040Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "Integrated Dell Remote Access Controller", "versions": [{"status": "affected", "version": "0", "lessThan": "7.00.00.181 or later", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "7.20.10.50 or later", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "1.20.25.00 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2026-03-17T06:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000434533/dsa-2026-113-security-update-for-dell-idrac9-and-idrac10-vulnerabilities", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions prior to 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain a Process Control vulnerability. A high privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to code execution.", "supportingMedia": [{"type": "text/html", "value": "Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions prior to 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain a Process Control vulnerability. A high privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to code execution.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-114", "description": "CWE-114: Process Control"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-03-18T17:27:23.742Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26945", "state": "PUBLISHED", "dateUpdated": "2026-03-18T18:13:41.928Z", "dateReserved": "2026-02-16T18:04:20.508Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2026-03-18T17:27:23.742Z", "assignerShortName": "dell"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions prior to 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain a Process Control vulnerability. A high privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to code execution."}], "id": "CVE-2026-26945", "lastModified": "2026-03-19T13:25:00.570", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 4.7, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2026-03-18T18:16:26.347", "references": [{"source": "security_alert@emc.com", "url": "https://www.dell.com/support/kbdoc/en-us/000434533/dsa-2026-113-security-update-for-dell-idrac9-and-idrac10-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-114"}], "source": "security_alert@emc.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,7.00.00.181)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,7.20.10.50)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.20.25.00)"}}], "enrichment": {"confidence": 98.0, "confidence_source": "matching", "scores": [{"score": 98.0, "source": "matching"}]}, "original": {"product": "Integrated Dell Remote Access Controller", "source": "cna", "vendor": "Dell"}, "product": "integrated_dell_remote_access_controller_8", "vendor": "dell"}], "analysis": {"en": {"generated_at": "2026-03-18T19:26:49.119094+00:00", "value": {"mitigation_remediation": ["Update iDRAC firmware to at least 7.00.00.181 for iDRAC 9/14G, 7.20.10.50 for iDRAC 15G/16G, or 1.20.25.00 for iDRAC 10/17G using the Dell security update referenced in the knowledge base article.", "If immediate firmware update is not possible, restrict local administrative or remote control access to the iDRAC and monitor for unusual activity from adjacent network segments.", "Consult Dell support for guidance on temporary mitigations if the firmware update cannot be applied in the short term."], "summary": {"action": "Immediate Patch", "impact": "Code Execution"}, "threat_synthesis": {"affected_systems": "Affected systems are Dell iDRAC firmware versions: iDRAC 9/14G prior to 7.00.00.181; iDRAC 15G/16G prior to 7.20.10.50; iDRAC 10/17G prior to 1.20.25.00. Users of any of these firmware releases are potentially vulnerable.", "description_and_impact": "A process control flaw exists in Dell Integrated Dell Remote Access Controller firmware versions before 7.00.00.181 for iDRAC 9/14G, 7.20.10.50 for iDRAC 15G/16G, and 1.20.25.00 for iDRAC 10/17G. Key detail from vendor description: a high\u2011privileged attacker with adjacent network access could exploit this vulnerability, leading to code execution. The weakness is identified as CWE\u2011114 (Process Control).", "risk_and_exploitability": "The CVSS score is 5.3, indicating moderate severity. EPSS data is not available and the vulnerability is not listed in CISA\u2019s KEV catalog, suggesting it has not been actively exploited publicly yet. Based on the description, the likely attack vector requires the attacker to have high privilege on the same network as the iDRAC, implying the need for close network proximity or credential compromise. The vulnerability permits remote code execution if exploited, which could allow an attacker to take control of the server through the iDRAC interface."}}}}, "created": "2026-03-19T08:56:17.555222+00:00", "title": "Process Control Vulnerability in Dell Integrated Dell Remote Access Controller (iDRAC)", "updated": "2026-03-24T10:58:26.363296+00:00", "vendors": ["dell", "dell$PRODUCT$integrated_dell_remote_access_controller_8"]}