Cyber Resilience

CVE-2026-26949

Medium

Published: 04 March 2026

Published
04 March 2026
Modified
05 March 2026
KEV Added
Patch
CVSS Score v3.1 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0002 4.3th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-26949 is a medium-severity Incorrect Authorization (CWE-863) vulnerability in Dell Device Management Agent. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 4.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-26949, published on 2026-03-04, is an Incorrect Authorization vulnerability (CWE-863) affecting Dell Device Management Agent (DDMA) versions prior to 26.02. The issue stems from flawed authorization checks within the agent, earning a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N), indicating medium severity with local attack vector, low complexity, and low privileges required.

A low-privileged attacker with local access to the system can exploit this vulnerability to escalate privileges. Successful exploitation allows the attacker to access confidential information, as reflected in the high confidentiality impact score, without affecting integrity or availability.

Dell has published security advisory DSA-2026-105 at https://www.dell.com/support/kbdoc/en-us/000429177/dsa-2026-105, which details the vulnerability and recommends updating to DDMA version 26.02 or later to mitigate the issue.

EU & UK References

Vulnerability details

Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Incorrect Authorization vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Incorrect authorization vulnerability enabling local privilege escalation from low-privileged context directly maps to T1068; high confidentiality impact follows from escalated access to local data.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-27688Same vendor: Dell
CVE-2024-48013Same vendor: Dell
CVE-2026-22267Same vendor: Dell
CVE-2026-22768Same vendor: Dell
CVE-2025-24385Same vendor: Dell
CVE-2026-25908Same vendor: Dell
CVE-2025-22395Same vendor: Dell
CVE-2026-23862Same vendor: Dell
CVE-2026-25906Same vendor: Dell
CVE-2024-49561Same vendor: Dell

Affected Assets

dell
device management agent
≤ 26.02

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces authorization checks inside DDMA to block the flawed privilege-escalation path used by the low-privileged local attacker.

prevent

Limits the initial privileges granted to the local account, reducing the impact surface even if the authorization flaw in DDMA is triggered.

prevent

Requires a tamper-proof reference monitor to mediate all DDMA access decisions, mitigating the incorrect authorization logic described in CWE-863.

References