{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35155", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2026-04-01T17:04:27.475Z", "datePublished": "2026-04-29T03:50:56.690Z", "dateUpdated": "2026-04-30T03:55:52.264Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-04-29T03:50:56.690Z"}, "datePublic": "2026-04-27T18:30:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-522", "description": "CWE-522: Insufficiently Protected Credentials", "type": "CWE"}]}], "affected": [{"vendor": "Dell", "product": "iDRAC10", "versions": [{"status": "affected", "version": "0", "lessThan": "1.30.10.50 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low\u2011privileged attacker to gain elevated access.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low\u2011privileged attacker to gain elevated access."}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000452298/dsa-2026-187-security-update-for-dell-idrac10-vulnerability", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-29T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-35155"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-30T03:55:52.264Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35155", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-29T12:12:02.094536Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-29T12:12:05.650Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "iDRAC10", "versions": [{"status": "affected", "version": "0", "lessThan": "1.30.10.50 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2026-04-27T18:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000452298/dsa-2026-187-security-update-for-dell-idrac10-vulnerability", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low\u2011privileged attacker to gain elevated access.", "supportingMedia": [{"type": "text/html", "value": "Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low\u2011privileged attacker to gain elevated access.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-522", "description": "CWE-522: Insufficiently Protected Credentials"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-04-29T03:50:56.690Z"}}}, "cveMetadata": {"cveId": "CVE-2026-35155", "state": "PUBLISHED", "dateUpdated": "2026-04-30T03:55:52.264Z", "dateReserved": "2026-04-01T17:04:27.475Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2026-04-29T03:50:56.690Z", "assignerShortName": "dell"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:idrac10_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "233EC5F2-043A-4999-BD05-3A78E0845407", "versionEndExcluding": "1.30.10.50", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:idrac10:-:*:*:*:*:*:*:*", "matchCriteriaId": "5BFCEF7B-7BE5-49C4-9206-C8417174E313", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low\u2011privileged attacker to gain elevated access."}], "id": "CVE-2026-35155", "lastModified": "2026-05-01T17:40:44.210", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2026-04-29T05:16:04.523", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000452298/dsa-2026-187-security-update-for-dell-idrac10-vulnerability"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "security_alert@emc.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.30.10.50)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "iDRAC10", "source": "cna", "vendor": "Dell"}, "product": "idrac10", "vendor": "dell"}], "analysis": {"en": {"generated_at": "2026-04-29T06:20:59.319500+00:00", "value": {"mitigation_remediation": ["Update the iDRAC firmware to a version that includes the Dell security update referenced in the advisory", "Restrict or disable low\u2011privileged accounts on the iDRAC interface and enforce least\u2011privilege policies", "Monitor iDRAC logs for anomalous authentication or privilege escalation events"], "summary": {"action": "Apply Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Affected systems are Dell iDRAC10 interfaces running firmware versions 1.20.70.50 or 1.30.05.10. No other Dell iDRAC variants or firmware revisions are listed as vulnerable.", "description_and_impact": "Dell iDRAC10 firmware versions 1.20.70.50 and 1.30.05.10 contain a race condition that results in insufficiently protected credentials, as identified by CWE\u2011522. A user who already has low\u2011privileged authentication can trigger the race condition to obtain elevated access rights, effectively bypassing the intended credential safeguards. This escalation could allow the attacker to modify iDRAC settings, view or alter configuration files, and gain broader control over the host server, thereby compromising integrity and potentially confidentiality of sensitive host information.", "risk_and_exploitability": "The vulnerability is rated a CVSS score of 7.1, indicating high risk, but no EPSS data is available to assess current exploit probability. The vulnerability is not listed in CISA's KEV catalog. The race condition requires an authenticated low\u2011privileged local account; therefore an attacker must have physical or remote access to the iDRAC interface and legitimate credentials. Exploitation would involve timing the credential verification routine to duplicate authentication tickets or tokens, thereby elevating privileges. While the exact implementational details are not fully documented, the referred Dell advisory indicates that the issue has been patched and should be addressed promptly."}}}}, "created": "2026-04-29T06:30:04.393218+00:00", "title": "Authenticated Low\u2011Privileged Attacker Can Gain Elevated Access in Dell iDRAC10 via Race Condition", "updated": "2026-04-29T07:30:05.163783+00:00", "vendors": ["dell", "dell$PRODUCT$idrac10"], "weaknesses": ["CWE-522"]}