CVE-2026-35155EXPLOITEDPATCHED

dell · idrac10_firmware

CVE-2026-35155: Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race

Description

Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to gain elevated access.

Affected Products

Vendor	Product	Versions
dell	idrac10_firmware	0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
dell	integrated dell remote access	cert_advisory	90%
dell	idrac10	cve_cpe	95%

References

https://www.dell.com/support/kbdoc/en-us/000452298/dsa-2026-187-security-update-for-dell-idrac10-vulnerability(vendor-advisory)

Related News (2 articles)

Tier B

BSI Advisories5d ago

[NEU] [mittel] Dell integrated Dell Remote Access Controller: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen

→ No new info (linked only)

Tier C

VulDB5d ago

CVE-2026-35155 | Dell iDRAC10 1.20.70.50/1.30.05.10 insufficiently protected credentials (dsa-2026-187 / EUVD-2026-26193)

→ No new info (linked only)

CVSS 3.17.1 HIGH

VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

1.30.10.50 or later

CWECWE-522

PublishedApr 29, 2026

Last enriched5d agov2

Trending Score29

Source articles2

Independent2

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

PRE-CVE

Dell security advisory (AV26-414)

Trending: 20

MEDIUMCVE-2026-23773EXP

CVE-2026-23773: Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Side Request Forgery (SSRF) vulnerability.

Trending: 18

MEDIUMCVE-2026-27105

CVE-2026-27105: Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an Improper Link Resolution Before File Access ('Link

Trending: 12

MEDIUMCVE-2026-25908

CVE-2026-25908: Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain an Execution with Unnecessary Privileges vulne

Trending: 12

MEDIUMCVE-2026-32655

CVE-2026-32655: Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain a Least Privilege Violation vulnerability. A l

Trending: 12

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 29, 2026

Discovered by ZDM

Apr 29, 2026

Updated: severity, activelyExploited

Apr 29, 2026

Actively Exploited

Apr 30, 2026

Patch Available

Apr 30, 2026

Version History

Last enriched 5d ago

v2Tier C5d ago

Updated severity to CRITICAL and changed exploit availability to false, marking the vulnerability as actively exploited.

severityactivelyExploited

via VulDB

v15d ago

Initial creation