Cyber Posture

CVE-2026-23856

HighLPE

Published: 12 February 2026

Published
12 February 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0002 4.8th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-23856 is a high-severity Improper Access Control (CWE-284) vulnerability in Dell (inferred from references). Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 4.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match
prevent

Directly enforces approved authorizations for access to system resources, mitigating the improper access control that enables privilege escalation in iSM.

AC-6 Least Privilege good match
prevent

Employs least privilege to restrict low-privileged local attackers from gaining escalated access via the iSM vulnerability.

SI-2 Flaw Remediation good match
prevent

Requires timely flaw remediation through patching iSM to versions 6.0.3.1 (Windows) or 5.4.1.1 (Linux), eliminating the improper access control vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Local improper access control vulnerability enabling privilege escalation from low-privileged account to full system control.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this…

more

vulnerability, leading to Elevation of privileges.

Deeper analysisAI

CVE-2026-23856 is an Improper Access Control vulnerability (CWE-284) in the Dell iDRAC Service Module (iSM) for Windows, affecting versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, affecting versions prior to 5.4.1.1. Published on 2026-02-12, it carries a CVSS v3.1 base score of 7.8 (High), with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating high impacts on confidentiality, integrity, and availability.

A low-privileged attacker with local access to the affected system can exploit this vulnerability to elevate privileges. The attack requires low complexity and no user interaction, allowing the attacker to potentially gain full control over the system once privileges are escalated.

Dell has addressed this issue in DSA-2026-077, a security update for the iDRAC Service Module vulnerability, available at https://www.dell.com/support/kbdoc/en-us/000426282/dsa-2026-077-security-update-for-dell-idrac-service-module-vulnerability. Security practitioners should update to iSM for Windows version 6.0.3.1 or later and iSM for Linux version 5.4.1.1 or later to mitigate the risk.

Details

CWE(s)
CWE-284

Affected Products

Dell
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2025-54914Shared CWE-284
CVE-2025-21359Shared CWE-284
CVE-2025-24042Shared CWE-284
CVE-2026-2311Shared CWE-284
CVE-2026-0844Shared CWE-284
CVE-2026-35242Shared CWE-284
CVE-2025-24994Shared CWE-284
CVE-2026-27914Shared CWE-284
CVE-2026-20843Shared CWE-284
CVE-2025-48619Shared CWE-284

References