{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26948", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2026-02-16T18:04:20.509Z", "datePublished": "2026-03-18T17:40:25.370Z", "dateUpdated": "2026-03-18T18:14:17.609Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-03-18T17:40:25.370Z"}, "datePublic": "2026-03-17T06:30:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1258", "description": "CWE-1258: Exposure of Sensitive System Information Due to Uncleared Debug Information", "type": "CWE"}]}], "affected": [{"vendor": "Dell", "product": "Integrated Dell Remote Access Controller", "versions": [{"status": "affected", "version": "0", "lessThan": "7.00.00.174 or later", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "7.10.90.00 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.174, 15G and 16G versions prior to 7.10.90.00, contain an Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.174, 15G and 16G versions prior to 7.10.90.00, contain an Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure."}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000434533/dsa-2026-113-security-update-for-dell-idrac9-and-idrac10-vulnerabilities", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 4.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-18T18:14:09.792721Z", "id": "CVE-2026-26948", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T18:14:17.609Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26948", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-18T18:14:09.792721Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T18:14:12.952Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "Integrated Dell Remote Access Controller", "versions": [{"status": "affected", "version": "0", "lessThan": "7.00.00.174 or later", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "7.10.90.00 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2026-03-17T06:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000434533/dsa-2026-113-security-update-for-dell-idrac9-and-idrac10-vulnerabilities", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.174, 15G and 16G versions prior to 7.10.90.00, contain an Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.", "supportingMedia": [{"type": "text/html", "value": "Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.174, 15G and 16G versions prior to 7.10.90.00, contain an Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1258", "description": "CWE-1258: Exposure of Sensitive System Information Due to Uncleared Debug Information"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-03-18T17:40:25.370Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26948", "state": "PUBLISHED", "dateUpdated": "2026-03-18T18:14:17.609Z", "dateReserved": "2026-02-16T18:04:20.509Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2026-03-18T17:40:25.370Z", "assignerShortName": "dell"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.174, 15G and 16G versions prior to 7.10.90.00, contain an Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure."}], "id": "CVE-2026-26948", "lastModified": "2026-03-19T13:25:00.570", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2026-03-18T18:16:26.530", "references": [{"source": "security_alert@emc.com", "url": "https://www.dell.com/support/kbdoc/en-us/000434533/dsa-2026-113-security-update-for-dell-idrac9-and-idrac10-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1258"}], "source": "security_alert@emc.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,7.00.00.174)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,7.10.90.00)"}}], "enrichment": {"confidence": 98.0, "confidence_source": "matching", "scores": [{"score": 98.0, "source": "matching"}]}, "original": {"product": "Integrated Dell Remote Access Controller", "source": "cna", "vendor": "Dell"}, "product": "integrated_dell_remote_access_controller_8", "vendor": "dell"}], "analysis": {"en": {"generated_at": "2026-03-18T19:26:34.669764+00:00", "value": {"mitigation_remediation": ["Apply the Dell iDRAC security update to firmware version 7.00.00.174 or higher for iDRAC9 and iDRAC10 14G, and to 7.10.90.00 or higher for iDRAC10 15G and 16G as detailed in the Dell support advisory. ", "If immediate patching is not possible, restrict external network access to the iDRAC interface to trusted administrators only and disable any debug logging features if configurable. "], "summary": {"action": "Apply Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "Dell iDRAC9 and iDRAC10 firmware releases from the 9 and 14G family before 7.00.00.174 and from the 15G and 16G family before 7.10.90.00 are affected. These include all deployments of the Integrated Dell Remote Access Controller that run the specified firmware versions on Dell servers.", "description_and_impact": "Dell Integrated Dell Remote Access Controller firmware versions prior to 7.00.00.174 (9 and 14G) and 7.10.90.00 (15G and 16G) contain sensitive debug information that is not properly cleared. This leads to an exposure of sensitive system information. The vulnerability is categorized as CWE-1258, which indicates inappropriate inclusion of debug data that can expose confidential information. As a result, an attacker can potentially retrieve sensitive data, compromising confidentiality of the device and potentially the host system it manages.", "risk_and_exploitability": "The CVSS score of 4.9 indicates a low\u2011to\u2011moderate severity. The description confirms that a high privileged attacker with remote access can exploit the flaw. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting it is not widely exploited yet. However, the attacker must have remote access and elevated privileges to the iDRAC interface to retrieve the exposed debug data, which suggests a targeted attack rather than mass exploitation."}}}}, "created": "2026-03-19T08:56:16.414946+00:00", "title": "Exposure of Sensitive System Information Due to Uncleared Debug Information in Dell iDRAC9 and iDRAC10", "updated": "2026-03-24T10:58:25.513544+00:00", "vendors": ["dell", "dell$PRODUCT$integrated_dell_remote_access_controller_8"]}