Platform: dell
Component: dell-storage-manager
Fixed in: 8.0.3
CVE-2026-23772 describes an Improper Privilege Management vulnerability found in Dell Storage Manager - Replay Manager for Microsoft Servers. This flaw allows a low-privileged attacker with local access to potentially escalate their privileges within the system. The vulnerability affects versions 0.0.0 through 8.0.3, and a fix is available in version 8.0.3 or later.
Successful exploitation of CVE-2026-23772 could grant an attacker unauthorized access to sensitive data and system resources. An attacker could leverage this privilege escalation to gain administrative control over the affected server, potentially leading to data breaches, system compromise, and disruption of services. The impact is particularly concerning in environments where Dell Storage Manager is used to manage critical storage infrastructure, as a compromised system could impact data integrity and availability across the organization. While the vulnerability requires local access, this could be achieved through physical access or by exploiting other vulnerabilities to gain a foothold on the system.
CVE-2026-23772 was publicly disclosed on 2026-04-16. Currently, there are no known public exploits or active campaigns targeting this vulnerability. The vulnerability is not listed on the CISA KEV catalog as of this writing. The EPSS score is likely to be low to medium, given the requirement for local access and the absence of public exploits.
Exploit Status
EPSS: 0.01% (0% percentile)
The primary mitigation for CVE-2026-23772 is to upgrade Dell Storage Manager - Replay Manager for Microsoft Servers to version 8.0.3 or later. If an immediate upgrade is not feasible, consider implementing stricter access controls to limit the potential impact of a successful attack. Review user permissions and ensure that only authorized personnel have local access to the server. Implement robust monitoring and auditing to detect any suspicious activity. A WAF rule is unlikely to apply to a flaw that requires local access, so consider network segmentation to limit lateral movement if the system is compromised.
Apply the security update DSA-2026-058 provided by Dell, which brings Dell Storage Manager - Replay Manager for Microsoft Servers to version 8.0.3 or later. This update addresses the Improper Privilege Management vulnerability that could allow for privilege escalation. Refer to Dell documentation for detailed instructions on how to apply the update.
CVE-2026-23772 is a HIGH severity vulnerability in Dell Storage Manager - Replay Manager for Microsoft Servers allowing a low-privileged local attacker to elevate privileges.
You are affected if you are running Dell Storage Manager - Replay Manager for Microsoft Servers versions 0.0.0 through 8.0.3.
Upgrade to Dell Storage Manager - Replay Manager for Microsoft Servers version 8.0.3 or later to resolve this vulnerability.
As of now, there are no known public exploits or active campaigns targeting CVE-2026-23772.
Refer to the official Dell Security Advisory for detailed information and updates regarding CVE-2026-23772.