Cyber Resilience

CVE-2026-24502

Severity: High
Published: 03 March 2026
Modified: 05 March 2026
KEV Added: not listed
CVSS v3.1 score: 8.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS score: 0.0018 (7.7th percentile)
Risk priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-24502 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Dell Command | Intel vPro Out of Band. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique DLL (T1574.001). The CVE is ranked at the 7.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2026-24502 is an Uncontrolled Search Path Element vulnerability (CWE-427) in Dell Command | Intel vPro Out of Band, affecting versions prior to 4.7.0. Published on 2026-03-03, the issue has a CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts with a changed scope.

A low-privileged attacker with local access can exploit this vulnerability, potentially leading to elevation of privileges on the affected system.

Dell Security Advisory DSA-2026-106 provides details on mitigation and patches: https://www.dell.com/support/kbdoc/en-us/000429179/dsa-2026-106.

Vulnerability details

Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contain an Uncontrolled Search Path Element vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.

CWE(s)

CWE-427: Uncontrolled Search Path Element

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1574.001 DLL (Stealth): Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.
T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The CWE-427 uncontrolled search path enables local DLL search order hijacking (T1038), which is then used for privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-21420 (same vendor: Dell)
CVE-2026-7279 (shared CWE-427)
CVE-2026-32658 (same vendor: Dell)
CVE-2024-9495 (shared CWE-427)
CVE-2025-69784 (shared CWE-427)
CVE-2026-22765 (same vendor: Dell)
CVE-2024-9492 (shared CWE-427)
CVE-2025-27688 (same vendor: Dell)
CVE-2026-21425 (same vendor: Dell)
CVE-2024-55898 (shared CWE-427)

Affected Assets

Vendor: dell
Product: command | intel vpro out of band
Versions: ≤ 4.7.0

Mitigating Controls (NIST 800-53 r5, AI)

prevent: Directly addresses the vulnerability by requiring timely remediation of flaws through patching the affected Dell Command | Intel vPro Out of Band software.

prevent (CM-6, Configuration Settings): Enforces secure configuration settings, such as Windows safe DLL search mode (the SafeDllSearchMode setting), to mitigate uncontrolled search path exploitation.

prevent (AC-3, Access Enforcement): Enforces strict access controls on directories in the application's search path so that low-privileged attackers cannot place malicious libraries there.