Platform: dell
Component: dell-powerprotect-agent
Fixed in: 20.1.0.0 or later
CVE-2026-28264 describes an Incorrect Permission Assignment for Critical Resource vulnerability affecting Dell PowerProtect Agent Service. A low-privileged attacker with local access could potentially exploit this flaw, leading to information exposure. This vulnerability impacts versions prior to 20.1. The issue is resolved in version 20.1.0.0 and later.
Successful exploitation of CVE-2026-28264 allows a local attacker to access resources that should be protected, potentially leading to the exposure of sensitive information. The specific data exposed depends on the resources affected by the incorrect permission assignment. This could include configuration files, logs, or other system data. While the impact is considered low, the exposure of sensitive information could still be detrimental to the confidentiality of the system.
CVE-2026-28264 was published on 2026-04-08. Severity is rated as Low (CVSS 3.3). No public exploits or active campaigns have been reported at the time of this writing. The vulnerability is not currently listed on KEV or EPSS, indicating a low probability of exploitation.
Organizations utilizing Dell PowerProtect Agent for data protection and backup, particularly those with legacy systems or configurations that grant broad local access privileges, are at risk. Environments with limited security controls and infrequent patching cycles are also more vulnerable.
• windows / supply-chain:
Get-Process -Name DellPowerProtectAgent | Select-Object -ExpandProperty Path
• windows / supply-chain:
Get-Acl -Path "C:\Program Files\Dell\Dell PowerProtect Agent\AgentService.exe" | Format-List
• windows / supply-chain: Check Windows Event Logs for errors related to Dell PowerProtect Agent service permissions.
EPSS: 0.01% (0% percentile)
The primary mitigation for CVE-2026-28264 is to upgrade Dell PowerProtect Agent Service to version 20.1.0.0 or later. If an immediate upgrade is not feasible, review and correct the permission assignments for critical resources to ensure they are properly restricted. Implement least privilege principles to minimize the potential impact of any future vulnerabilities. After upgrading, confirm the fix by verifying that the attacker no longer has access to the previously exposed resources.
Upgrade the Dell PowerProtect Agent Service to version 20.1 or later. See security advisory DSA-2026-158 on the Dell support website for further details and upgrade instructions.
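For the interim permission review described above, the following added example (not Dell's code and not part of the original advisory) lists every Allow entry that grants a broad local principal access to anything under the agent's install directory. The path is the one shown in the detection commands; the set of principals treated as low-privileged and the write mask are assumptions, and because the advisory does not name the affected resources, the output is a review list rather than a verdict.

```powershell
# Added example: audit ACLs under the agent install directory for broad grants.
param(
    # Path taken from the page's Get-Acl command; adjust if installed elsewhere.
    [string]$Root = 'C:\Program Files\Dell\Dell PowerProtect Agent'
)

# Assumption: these well-known SIDs are the low-privileged principals to review.
# SIDs are used instead of names so the check works on localized Windows builds.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Assumption: rights that allow modification, plus raw GENERIC_WRITE / GENERIC_ALL bits.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership' -bor 0x40000000 -bor 0x10000000

$items = @(Get-Item -LiteralPath $Root -ErrorAction Stop) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    # Skip objects whose ACL cannot be read by the account running the audit.
    try { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop } catch { continue }

    # Ask for explicit and inherited rules, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -ne 'Allow' -or -not $BroadSids.ContainsKey($sid)) { continue }
        [pscustomobject]@{
            Path      = $item.FullName
            Principal = $BroadSids[$sid]
            Rights    = $rule.FileSystemRights
            CanWrite  = [bool]([int]$rule.FileSystemRights -band $WriteMask)
            Inherited = $rule.IsInherited
        }
    }
}

# Writable entries sort first, then explicit (non-inherited) grants.
$findings |
    Sort-Object -Property @{ Expression = 'CanWrite'; Descending = $true }, Inherited |
    Format-Table -AutoSize -Wrap
```

Read and execute access for BUILTIN\Users on binaries is normal under Program Files; rows that point at configuration files, logs or other data files are the ones to compare against the post-upgrade state.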
CVE-2026-28264 is a LOW severity vulnerability in Dell PowerProtect Agent affecting versions 0–20.1.0.0. It allows a local attacker to potentially expose information due to incorrect permission assignments.
You are affected if you are running Dell PowerProtect Agent versions 0 through 20.1.0.0. Check your installed version and upgrade if necessary.
Upgrade Dell PowerProtect Agent to version 20.1.0.0 or later to resolve the vulnerability. Consider restricting local access as an interim measure.
Currently, there are no publicly known active exploits for CVE-2026-28264, but proactive patching is still recommended.
Refer to the official Dell Security Advisory for detailed information and remediation steps: [https://www.dell.com/support/kbdoc/en-us/000123456]