Home / Vulnerability Intelligence / CVE-2026-23857

CVE-2026-23857 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: February 12, 2026

Dell Update Package Framework - Privilege Escalation

Published: February 12, 2026Updated: February 12, 2026

Overview

Dell Update Package (DUP) Framework 23.12.00 through 24.12.00 contains an improper handling of insufficient permissions vulnerability, letting low privileged local attackers elevate their privileges, exploit requires local access with low privileges.

Severity & Score

Severity: High

CVSS Score: 8.2

EPSS Score: 1.0%(Probability of exploitation in next 30 days)

Impact

Low privileged local attackers can elevate their privileges, potentially gaining full control of the system.

Mitigation

Update to the latest version beyond 24.12.00.

References

https://www.dell.com/support/kbdoc/en-us/000426781/dsa-2026-081-security-update-for-dell-update-package-dup-framework-vulnerability

Social Media Activity(1 post)

Offensive Sequence

@offseq

Feb 12, 2026

Dell Update Package Framework (23.12.00 – 24.12.00) hit by HIGH severity (CVSS 8.2) vuln: improper permission checks enable local privilege escalation. Restrict access & monitor for updates. CVE-2026-23857 🛡️ https://radar.offseq.com/threat/cve-2026-23857-cwe-280-improper-handling-of-insuff-a6a15377 #OffSeq #Dell #PrivilegeEscalation #Vuln

View original post

Related Resources

Details

CVE ID: CVE-2026-23857
Severity: High
CVSS Score: 8.2
Type: broken_access_control
Status: unconfirmed
EPSS: 1.0%
Social Posts: 1

CWE

CWE-280

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

EPSS Score

1.0%Probability of exploitation in the next 30 days