Cyber Resilience

CVE-2026-21420

High

Published: 23 February 2026
Modified: 24 February 2026
CISA KEV: not listed
Patch: available (Dell Repository Manager 3.4.8)
CVSS v3.1: 7.3 (High), CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.0013 (2.9th percentile)
Risk Priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-21420 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Dell Repository Manager. Its CVSS base score is 7.3 (High).

Operationally, exploitation maps to MITRE ATT&CK technique T1574.001 (DLL), i.e. DLL search-order hijacking. EPSS ranks it at the 2.9th percentile by exploit likelihood, well below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-21420 is an Uncontrolled Search Path Element vulnerability (CWE-427) in Dell Repository Manager (DRM), affecting versions prior to 3.4.8. Published on 2026-02-23, the issue has a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H): high confidentiality, integrity and availability impact with low attack complexity, tempered by the need for local access (AV:L), an existing low-privileged account (PR:L) and user interaction (UI:R).

A low-privileged attacker with local access exploits the uncontrolled search path by placing a malicious library or executable in a directory that DRM searches before the legitimate location, or searches for a file that does not exist at all. User interaction is required: a victim must launch DRM, or trigger the operation that performs the load, from a context in which the planted file is found. The planted code then runs with the victim's privileges, which is what turns a local foothold into arbitrary code execution and escalation of privileges.
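The search-order behaviour behind this bug class, modelled in Python as an added example (not Dell code and not derived from the DRM binary): it lists the directories a Windows LoadLibrary("name.dll") call consults, with SafeDllSearchMode on and off, and reports which of them a low-privileged user could write to before the loader reaches the legitimate copy. The directory layout, the `optional.dll`/`helper.dll` names and the user-writable `C:\Tools` entry on PATH are constructed. The hardened order models an application that called SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_DEFAULT_DIRS), which restricts the search to the application directory and System32 (directories registered with AddDllDirectory are not modelled).

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Dir:
    """One directory on the loader's search path (constructed for this example)."""
    path: str
    files: frozenset = frozenset()  # file names present in the directory
    user_writable: bool = False     # a low-privileged local user can create files here


def default_search_order(app_dir, system_dirs, cwd, path_dirs, safe_search=True):
    """Directories LoadLibrary("name.dll") consults for a DLL that is neither a
    KnownDLL nor given with a full path. With SafeDllSearchMode on (the default)
    the current directory is searched after the system directories; with it
    off, the current directory comes straight after the application directory.
    PATH entries come last either way and are the classic CWE-427 element."""
    if safe_search:
        return [app_dir, *system_dirs, cwd, *path_dirs]
    return [app_dir, cwd, *system_dirs, *path_dirs]


def hardened_search_order(app_dir, system32):
    """Order for a process that called
    SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_DEFAULT_DIRS): application
    directory and System32 only (AddDllDirectory entries not modelled). The
    current directory and PATH are never consulted."""
    return [app_dir, system32]


def resolve(dll, order):
    """Path of the directory the loader takes `dll` from, or None when the DLL
    exists nowhere on the path (a 'phantom' DLL; the load simply fails)."""
    return next((d.path for d in order if dll in d.files), None)


def hijack_candidates(dll, order):
    """Directories searched up to and including the first copy of `dll` that a
    low-privileged user can write to. A DLL planted in any of them is the one the
    loader picks. For a phantom DLL every writable directory qualifies, which is
    why missing optional DLLs are the most common real-world hijack target."""
    out = []
    for d in order:
        if d.user_writable:
            out.append(d.path)
        if dll in d.files:
            break
    return out


def plant(d, dll):
    """The low-privileged attacker drops a DLL into a directory they can write."""
    if not d.user_writable:
        raise PermissionError(d.path)
    return Dir(d.path, d.files | {dll}, True)


# Constructed layout: paths and DLL names are illustrative, not DRM's real ones.
APP = Dir(r"C:\Program Files\Dell\DRM", frozenset({"drm.exe", "drmcore.dll"}))
SYSTEM32 = Dir(r"C:\Windows\System32", frozenset({"kernel32.dll", "helper.dll"}))
WINDIR = Dir(r"C:\Windows")
DOWNLOADS = Dir(r"C:\Users\alice\Downloads", user_writable=True)  # victim launches DRM from here
TOOLS = Dir(r"C:\Tools", user_writable=True)                      # user-writable entry on PATH


def demo(dll, safe_search=True, hardened=False):
    """(directory the DLL is loaded from, hijack candidates) for one scenario."""
    if hardened:
        order = hardened_search_order(APP, SYSTEM32)
    else:
        order = default_search_order(APP, [SYSTEM32, WINDIR], DOWNLOADS, [TOOLS], safe_search)
    return resolve(dll, order), hijack_candidates(dll, order)


if __name__ == "__main__":
    print("phantom DLL, default order:   ", demo("optional.dll"))
    print("system DLL, safe search mode: ", demo("helper.dll"))
    print("system DLL, safe search off:  ", demo("helper.dll", safe_search=False))
    print("phantom DLL, hardened order:  ", demo("optional.dll", hardened=True))
    planted = plant(DOWNLOADS, "optional.dll")
    order = default_search_order(APP, [SYSTEM32, WINDIR], planted, [TOOLS])
    print("after planting in Downloads:  ", resolve("optional.dll", order))
```

Two things to take from the model. First, the UI:R in the vector is the victim's launch: with SafeDllSearchMode on, a DLL that the application ships in its own directory or that lives in System32 is safe, and the exposure is a DLL the application asks for but never installs, which then falls through to the current directory and PATH. Second, the hardened order removes both writable locations without touching the application's own code paths, which is why SetDefaultDllDirectories (or loading every library by fully qualified path) is the fix vendors apply for CWE-427. On a real host, Process Monitor filtered on `NAME NOT FOUND` for `.dll` results under the DRM process shows the phantom loads this model only simulates.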

Dell's security advisory DSA-2026-059 describes the security update that addresses this vulnerability. Practitioners should update Dell Repository Manager to version 3.4.8 or later; the advisory is the authoritative source for the fixed build and any version-specific notes.

Vulnerability details

Dell Repository Manager (DRM), versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution and escalation of privileges.

CWE(s)

CWE-427 Uncontrolled Search Path Element

Related Threats

MITRE ATT&CK Enterprise Techniques

T1574.001 DLL (Persistence, Privilege Escalation, Defense Evasion)
Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.
T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

CWE-427 (uncontrolled search path element) directly enables DLL or executable search-order hijacking (T1574.001): a low-privileged user plants a file where the application looks first and obtains local arbitrary code execution; when the application is run by a more privileged account, that becomes privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-24502 (same vendor: Dell)
CVE-2024-9492 (shared CWE-427)
CVE-2025-33229 (shared CWE-427)
CVE-2026-3091 (shared CWE-427)
CVE-2025-52541 (shared CWE-427)
CVE-2026-22267 (same vendor: Dell)
CVE-2026-26949 (same vendor: Dell)
CVE-2026-32658 (same vendor: Dell)
CVE-2026-24510 (same vendor: Dell)
CVE-2025-21105 (same vendor: Dell)

Affected Assets

Dell Repository Manager, versions prior to 3.4.8 (< 3.4.8; 3.4.8 is the fixed release)

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): directly requires applying the vendor patch, upgrading DRM to 3.4.8 or later, which removes the uncontrolled search path element before it can be exploited.

AC-6 Least Privilege (prevent): enforces least privilege so that code a low-privileged local account manages to get loaded through the search path runs with as few rights as possible and cannot easily escalate.

Integrity verification (prevent, detect): requires integrity verification of executables and libraries, which can block or detect malicious code placed in an uncontrolled search path.
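A detection check for the integrity-verification control above, as an added example that is not part of the original page: it runs over constructed Sysmon Event ID 7 (Image loaded) records and flags an application installed under a protected root loading a DLL from a location a low-privileged user can write to, raising the severity when the DLL is unsigned or its signature is invalid. The field names (Image, ImageLoaded, Signed, SignatureStatus, Signature) are Sysmon's; the one-line `Field: value|...` layout, the process and DLL paths, and the publisher strings are this example's own.

```python
# Roots a low-privileged user cannot write to on a default Windows install
# (prefix match, lower-cased). Per-machine ACL changes are not modelled.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed records. Field names are Sysmon Event ID 7's; the single-line
# layout is this example's, not Sysmon's event message format.
SAMPLE_EVENTS = [
    r"Image: C:\Program Files\Dell\DRM\drm.exe|ImageLoaded: C:\Windows\System32\kernel32.dll|Signed: true|SignatureStatus: Valid|Signature: Microsoft Windows",
    r"Image: C:\Program Files\Dell\DRM\drm.exe|ImageLoaded: C:\Program Files\Dell\DRM\drmcore.dll|Signed: true|SignatureStatus: Valid|Signature: Dell Inc.",
    r"Image: C:\Program Files\Dell\DRM\drm.exe|ImageLoaded: C:\Users\alice\Downloads\optional.dll|Signed: false|SignatureStatus: Unavailable|Signature: -",
    r"Image: C:\Program Files\Dell\DRM\drm.exe|ImageLoaded: C:\Users\alice\AppData\Local\Temp\helper.dll|Signed: true|SignatureStatus: Valid|Signature: Contoso Ltd",
    r"Image: C:\Users\alice\tools\mytool.exe|ImageLoaded: C:\Users\alice\tools\plugin.dll|Signed: false|SignatureStatus: Unavailable|Signature: -",
]


def parse_event(line):
    """Split one 'Field: value|Field: value' record into a dict."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition(": ")
        fields[key.strip()] = value.strip()
    return fields


def in_trusted_root(path):
    p = path.lower()
    return any(p.startswith(root) for root in TRUSTED_ROOTS)


def classify(ev):
    """Return (severity, reasons); severity is None when the load looks benign.

    Scope: only processes that themselves live under a trusted root are
    considered, so users running their own tools from their profile do not
    generate noise. The interesting case is installed software pulling a
    library from a directory its installer never wrote to, which is exactly
    what an uncontrolled search path element produces."""
    image, loaded = ev["Image"], ev["ImageLoaded"]
    if not in_trusted_root(image) or in_trusted_root(loaded):
        return None, []
    reasons = ["library loaded from outside trusted roots"]
    if ev.get("Signed", "").lower() != "true" or ev.get("SignatureStatus") != "Valid":
        reasons.append("unsigned or invalid signature")
        return "high", reasons
    return "medium", reasons


def scan(lines):
    """Findings as (image_loaded, severity, reasons) for each suspicious load."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        severity, reasons = classify(ev)
        if severity:
            findings.append((ev["ImageLoaded"], severity, reasons))
    return findings


if __name__ == "__main__":
    for loaded, severity, reasons in scan(SAMPLE_EVENTS):
        print(f"{severity:6} {loaded}  ({'; '.join(reasons)})")
```

The prefix check is deliberately crude: it catches the two places a local user can always write (the profile and PATH entries under it) but misses the other common CWE-427 root cause, a vendor directory under Program Files whose ACL was loosened by the installer. Pair the rule with a periodic ACL audit of the application directory, and treat a valid but unexpected publisher on a DLL loaded by DRM as worth a second look even at "medium".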

References

Dell Security Advisory DSA-2026-059 (security update for Dell Repository Manager)