Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
2764 articles · 174925 vulns · 37/41 feeds (7d)
← Back to list
5.7
CVE-2026-40639PATCHED
Dell · Dell Edge Gateway 3000

CVE-2026-40639: Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical

Description

Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Affected Products

VendorProductVersions
DellDell Edge Gateway 30000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
delldell embedded pcmitre_affected90%
delllatitude ruggedmitre_affected90%
dellprecision 3930 rackmitre_affected90%
delldell edgemitre_affected90%
delldell precision 3630 towermitre_affected90%

References

  • https://www.dell.com/support/kbdoc/en-us/000453482/dsa-2026-197(vendor-advisory)

Related News (3 articles)

Tier E
Reddit r/netsec11h ago
Dell BIOS Passwords: Weak XOR Encryption Allows Recovery from SPI Flash (CVE-2026-40639)
→ No new info (linked only)
Tier B
BSI Advisories33d ago
[NEU] [mittel] Dell Client Platform BIOS: Schwachstelle ermöglicht Privilegieneskalation
→ No new info (linked only)
Tier C
VulDB34d ago
CVE-2026-40639 | Dell Latitude Rugged 7424 up to 1.25.x weak password encoding (dsa-2026-197)
→ No new info (linked only)
CVSS 3.15.7 MEDIUM
VectorCVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA KEV❌ No
Actively exploited❌ No
Patch available
1.26.01.36.01.32.01.33.02.40.02.43.01.51.01.42.0
CWECWE-261
PublishedJun 9, 2026
Last enriched34d agov2
Trending Score42
Source articles3
Independent3
Info Completeness9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

CRITICALCVE-2026-54469EXP
CVE-2026-54469: Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a Deserialization of Untrusted Data vulnerability
Trending: 30
CRITICALCVE-2026-53483
CVE-2026-53483: Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 r
Trending: 28
HIGHCVE-2026-56689EXP
CVE-2026-56689: Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an S
Trending: 27
HIGHCVE-2026-56690EXP
CVE-2026-56690: Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an S
Trending: 27
CRITICALCVE-2026-53481
CVE-2026-53481: Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 r
Trending: 22

Pin to Dashboard

Verification

State: verified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jun 9, 2026
Discovered by ZDM
Jun 9, 2026
Updated: affectedVersions
Jun 9, 2026
Patch Available
Jun 9, 2026

Version History

v2
Last enriched 34d ago
v2Tier C34d ago

Updated affected versions to include 1.25.x and marked exploit availability as false.

affectedVersions
via VulDB
v134d ago

Initial creation