Zero Day MonitorZDM

← Back to list

3.3

CVE-2026-28264PATCHED

dell · powerprotect agent

CVE-2026-28264: Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorrect Permission Assignment for Critical Re

Description

Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

Affected Products

Vendor	Product	Versions
dell	powerprotect agent	0

References

https://www.dell.com/support/kbdoc/en-us/000447277/dsa-2026-158-security-update-dell-powerprotect-data-manager-for-multiple-security-vulnerabilities(vendor-advisory)

Related News (1 articles)

Tier C

VulDB2d ago

CVE-2026-28264 | Dell PowerProtect Agent up to 20.0 Service permission assignment (dsa-2026-158)

→ No new info (linked only)

CVSS 3.13.3 LOW

VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA KEV❌ No

Actively exploited❌ No

Patch available

20.1.0.0 or later

CWECWE-732

PublishedApr 8, 2026

Last enriched2d agov2

Trending Score14

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

MEDIUMCVE-2026-27102

CVE-2026-27102: Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.1, contains an incorrect p

MEDIUMCVE-2026-24511

CVE-2026-24511: Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.0, contains a generation o

HIGHCVE-2026-28261

CVE-2026-28261: Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0

HIGHCVE-2026-22768

CVE-2026-22768: Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low

MEDIUMCVE-2026-27101

CVE-2026-27101: Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00.xx, contain(s) an Impro

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 8, 2026

Discovered by ZDM

Apr 8, 2026

Updated: affectedVersions, severity, cvssEstimate

Apr 8, 2026

Patch Available

Apr 8, 2026

Version History

v2

Last enriched 2d ago

v2Tier C2d ago

Updated affected versions to include 20.0, changed severity to MEDIUM, updated CVSS estimate to 5.0, and clarified that no exploit is available.

affectedVersionsseveritycvssEstimate

via VulDB

v12d ago

Initial creation