Dell iDRAC Tools < 11.4.1.0 Improper Link Resolution (DSA-2026-239)

medium Nessus Plugin ID 321530

Synopsis

The remote host has an installation of Dell iDRAC Tools that is affected by a link following vulnerability.

Description

According to its self-reported version, the Dell iDRAC Tools installation on the remote host is affected by a link following vulnerability. Dell iDRAC Tools, versions prior to 11.4.1.0, contains an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to information tampering.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update Dell iDRAC Tools to version 11.4.1.0 or later.

See Also

http://www.nessus.org/u?ac934299

Plugin Details

Severity: Medium

ID: 321530

File Name: dell_idrac_tools_dsa-2026-239.nasl

Version: 1.1

Type: Local

Agent: windows, macosx, unix

Family: Misc.

Published: 6/19/2026

Updated: 6/19/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Medium

Base Score: 5.5

Vector: CVSS2#AV:L/AC:H/Au:S/C:N/I:C/A:C

CVSS Score Source: CVE-2026-28262

CVSS v3

Risk Factor: Medium

Base Score: 6

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H

Vulnerability Information

CPE: x-cpe:/a:dell:idrac_tools

Required KB Items: installed_sw/Dell iDRAC Tools

Patch Publication Date: 6/9/2026

Vulnerability Publication Date: 6/9/2026

Reference Information

CVE: CVE-2026-28262

IAVA: 2026-A-0599