6.3
CVE-2026-41116
- EPSS 0.09%
- Veröffentlicht 09.06.2026 18:16:44
- Zuletzt bearbeitet 09.06.2026 19:30:24
- Quelle security_alert@emc.com
- CVE-Watchlists
- Unerledigt
Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write.Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerDell
≫
Produkt
Inventory Collector Client
Default Statusunaffected
Version
0
Version <
13.8.0
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.004 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security_alert@emc.com | 6.3 | 1 | 5.2 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
|
CWE-1386 Insecure Operation on Windows Junction / Mount Point
The product opens a file or directory, but it does not properly prevent the name from being associated with a junction or mount point to a destination that is outside of the intended control sphere.
https://www.dell.com/support/kbdoc/en-us/000463760/dsa-2026-215