CVE-2026-26949
Published: 04 March 2026
Summary
CVE-2026-26949 is a medium-severity Incorrect Authorization (CWE-863) vulnerability in Dell Device Management Agent. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 4.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2026-26949, published on 2026-03-04, is an Incorrect Authorization vulnerability (CWE-863) affecting Dell Device Management Agent (DDMA) versions prior to 26.02. The issue stems from flawed authorization checks within the agent. It has a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N), indicating medium severity with a local attack vector, low attack complexity, and low privileges required.
A low-privileged attacker with local access to the system can exploit this vulnerability to escalate privileges. Successful exploitation allows the attacker to access confidential information, as reflected in the high confidentiality impact score, without affecting integrity or availability.
Dell has published security advisory DSA-2026-105 at https://www.dell.com/support/kbdoc/en-us/000429177/dsa-2026-105, which details the vulnerability and recommends updating to DDMA version 26.02 or later to mitigate the issue.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-9446
Vulnerability details
Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Incorrect Authorization vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
- CWE(s): CWE-863 (Incorrect Authorization)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An incorrect authorization vulnerability that enables local privilege escalation from a low-privileged context maps directly to T1068; the high confidentiality impact follows from escalated access to local data.
Mitigating Controls (NIST 800-53 r5)
- Directly enforces authorization checks inside DDMA to block the flawed privilege-escalation path used by the low-privileged local attacker.
- Limits the initial privileges granted to the local account, reducing the impact surface even if the authorization flaw in DDMA is triggered.
- Requires a tamper-proof reference monitor to mediate all DDMA access decisions, mitigating the incorrect authorization logic described in CWE-863.