Platform: dell
Component: dell-powerprotect-agent
Fixed in: 20.1.0.0 or later
CVE-2026-28264 identifies an Incorrect Permission Assignment for Critical Resource vulnerability within the Dell PowerProtect Agent service. Successful exploitation by a low-privileged attacker with local access could lead to information exposure. This vulnerability affects versions 0 through 20.1.0.0. Dell has released update 20.1.0.0 to address this issue.
The primary impact of CVE-2026-28264 is information disclosure. An attacker with local access to a system running a vulnerable version of Dell PowerProtect Agent could potentially gain access to sensitive data stored or processed by the agent. While the CVSS score is LOW, the potential for data exposure necessitates prompt remediation. The attack requires local access, limiting the immediate blast radius, but could facilitate further compromise if the exposed information is used to escalate privileges or gain access to other systems.
CVE-2026-28264 was publicly disclosed on 2026-04-08. Currently, there are no publicly available proof-of-concept exploits. The vulnerability is not listed on the CISA KEV catalog. Given the LOW CVSS score and lack of public exploits, the probability of active exploitation is considered low.
Exploit Status
EPSS: 0.01% (0% percentile)
The primary mitigation for CVE-2026-28264 is to upgrade Dell PowerProtect Agent to version 20.1.0.0 or later. If an immediate upgrade is not feasible, consider restricting local access to systems running the vulnerable agent. Implement strict access controls and monitor for suspicious activity. While no specific WAF or proxy rules are applicable, reviewing agent configuration for unnecessary permissions is recommended. After upgrade, confirm successful remediation by verifying the agent version and checking system logs for any related errors.
Update the Dell PowerProtect Agent Service to version 20.1 or later. See Dell support website security advisory DSA-2026-158 for more details and upgrade instructions.
CVE-2026-28264 is a LOW severity vulnerability in Dell PowerProtect Agent affecting versions 0–20.1.0.0. It allows a local attacker to potentially expose information due to incorrect permission assignments.
You are affected if you are running Dell PowerProtect Agent versions 0 through 20.1.0.0. Check your installed version and upgrade if necessary.
Upgrade Dell PowerProtect Agent to version 20.1.0.0 or later to resolve the vulnerability. Consider restricting local access as an interim measure.
Currently, there are no publicly known active exploits for CVE-2026-28264, but proactive patching is still recommended.
Refer to the official Dell Security Advisory for detailed information and remediation steps: [https://www.dell.com/support/kbdoc/en-us/000123456]