Dell OpenManage Network Integration, versions prior to 3.9, contains an Improper Authentication vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability

Description

Dell OpenManage Network Integration, versions prior to 3.9, contains an Improper Authentication vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

Affected Products

Vendor	Product	Versions
dell	openmanage_network_integration	< 3.9

References

https://www.dell.com/support/kbdoc/en-us/000420893/dsa-2026-045-security-update-for-dell-openmanage-network-integration-omni-vulnerabilities(Vendor Advisory)

CVSS 3.14.3 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA KEV❌ No

Actively exploited❌ No

Patch available3.9

CWECWE-287

PublishedJan 29, 2026

Last enriched4d ago

Trending Score0

Source articles0

Independent0

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

PRE-CVE

Multiple Third-Party Component Vulnerabilities in Dell Products

Trending: 20

HIGHCVE-2025-36589

Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially explo

MEDIUMCVE-2026-24510

Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vu

MEDIUMCVE-2026-22275

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Inclusion of Sensitive Information in Source Code vulnerability. A low privileged attacker with

MEDIUMCVE-2026-22274

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenti

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Jan 29, 2026

Patch Available

Feb 13, 2026

Discovered by ZDM

Mar 26, 2026