CVE-2026-21420
Plain English Summary
AI-powered analysis for quick understanding
This vulnerability allows a low-privileged attacker to run their own code on a system running Dell Repository Manager, potentially gaining higher privileges. To exploit it, the attacker needs local access to the system where the software is installed.
Technical Description
Dell Repository Manager (DRM), versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution and escalation of privileges.
CVSS Vector Analysis
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Quick Information
Published: Feb 23, 2026
Last Modified: Feb 24, 2026
Vendor: dell
Product: repository manager
Related Vulnerabilities
An attacker can exploit a flaw in Dell PowerScale OneFS to lock out user accounts, causing a denial of service that prevents legitimate users from accessing the system. This requires the attacker to have remote access, but they do not need to be authenticated to take advantage of this vulnerability.
This vulnerability allows a high-privileged attacker with local access to the Dell PowerScale OneFS system to potentially disrupt services, gain higher access rights, or access sensitive information. It affects specific versions of the software, so users running outdated versions are at risk.
This vulnerability allows a high-privileged attacker with local access to the Dell PowerScale OneFS system to potentially cause a denial of service, gain higher privileges, or access sensitive information. It affects specific versions of the software, so systems running outdated versions are at risk.
An attacker with low-level access to a Dell PowerScale OneFS system could exploit a flaw to gain higher privileges, allowing them to perform unauthorized actions. This vulnerability affects specific versions of the software, so it’s crucial to ensure you are running an updated version to protect against this risk.
An attacker with local access to Dell PowerScale OneFS can exploit a flaw to gain higher privileges than intended, potentially allowing them to execute unauthorized actions on the system. This vulnerability affects specific versions of the software, so users should ensure they are running the latest updates to mitigate the risk.