CVE-2026-35155: CWE-522: Insufficiently Protected Credentials in Dell iDRAC10
Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to gain elevated access.
AI Analysis
Technical Summary
CVE-2026-35155 is a high-severity vulnerability affecting Dell iDRAC10 versions 1.20.70.50 and 1.30.05.10. It involves insufficient protection of credentials stemming from a race condition that could be exploited by an authenticated low-privileged attacker to gain elevated access. The CVSS 3.1 vector indicates network attack vector, high attack complexity, low privileges required, user interaction required, and impacts confidentiality, integrity, and availability. No patch or official remediation level has been disclosed by Dell, and no known exploits are reported.
Potential Impact
An authenticated attacker with low privileges could exploit this vulnerability to escalate their privileges, potentially gaining high-level access to the affected system. This could compromise confidentiality, integrity, and availability of the system managed via Dell iDRAC10. No known active exploitation has been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict access to Dell iDRAC10 interfaces to trusted administrators only and monitor for unusual authentication activity. Avoid exposing iDRAC interfaces to untrusted networks.
Technical Details
- Data Version: 5.2
- Assigner Short Name: dell
- Date Reserved: 2026-04-01T17:04:27.475Z
- Cvss Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 69f1f133cbff5d861004adaa
Added to database: 4/29/2026, 11:53:23 AM
Last enriched: 4/29/2026, 12:06:20 PM
Last updated: 4/30/2026, 3:49:25 AM