Dell security advisory (AV26-132)
Analysis Summary
# Vulnerability: Dell Product Portfolio Security Updates (Feb 2026)
## CVE Details
*Note: This specific advisory (AV26-132) is a consolidated bulletin covering multiple vulnerabilities released between February 9 and 15, 2026.*
- **CVE ID:** Multiple (Refer to Dell Security Advisory portal for specific IDs per product)
- **CVSS Score:** Varies (Ranging from Medium to Critical)
- **CWE:** Multiple (Typically includes Improper Access Control, Buffer Overflows, and Information Disclosure)
## Affected Systems
- **Products & Versions:**
  - **Avamar Series:** Data Store Gen4T/Gen5A, NDMP Accelerator, VMware Image Backup Proxy, and Virtual Edition (Multiple versions)
  - **PowerEdge & XC Core:** XC7525 (Prior to 2.21.1), various PowerEdge models, and XC Core models
  - **PowerProtect:** DP Series Appliance (IDPA) (Prior to 2.7.9)
  - **Private Cloud:** Red Hat (Prior to 01.02.00.00) and VMware (Prior to 01.03.00.00)
  - **Management Tools:** Dell Update Package (DUP) Framework (23.12.00 to 24.12.00); iDRAC Service Module for Linux/Windows (Prior to 5.4.1.1/6.0.3.1)
  - **NetWorker:** NetWorker versions 19.9 to 19.13.0.2; NetWorker Virtual Edition (NVE)
## Vulnerability Description
This advisory is a batch update addressing various security flaws across Dell's server management (iDRAC), data protection (Avamar/NetWorker), and hyper-converged infrastructure (XC Core/PowerProtect) lines. Common themes in such updates are fixes for underlying OS vulnerabilities, insecure API endpoints, and administrative privilege escalation within the management interfaces.
## Exploitation
- **Status:** Not explicitly reported as exploited in the wild at the time of publication.
- **Complexity:** Low to Medium (Varies by specific CVE).
- **Attack Vector:** Primarily Network (for Avamar/NetWorker/iDRAC) and Local (for DUP Framework/Service Modules).
## Impact
- **Confidentiality:** High (Risk of unauthorized data access)
- **Integrity:** High (Risk of system configuration tampering)
- **Availability:** High (Potential for Denial of Service on critical backup/server infrastructure)
## Remediation
### Patches
Dell recommends updating to the following versions or newer:
- **Dell EMC XC Core XC7525:** v2.21.1
- **PowerProtect DP Series/IDPA:** v2.7.9
- **Dell Private Cloud Red Hat:** v01.02.00.00
- **Dell Private Cloud VMware:** v01.03.00.00
- **iDRAC Service Module (Linux/Windows):** v5.4.1.1 or v6.0.3.1 (Windows)
- **NetWorker:** v19.13.0.3 or higher
### Workarounds
- Restrict access to management interfaces (iDRAC, Avamar Management Console) to trusted management networks only.
- Implement strictly controlled Access Control Lists (ACLs) for backup environments.
## Detection
- **Indicators of Compromise:** Monitor for unauthorized login attempts to iDRAC or Avamar consoles. Inspect logs for unusual Dell Update Package (DUP) execution patterns.
- **Detection Methods:** Vulnerability scanners (Nessus, Qualys, OpenVAS) should be updated with the latest plugins to detect outdated Dell firmware and software versions.
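
Where scanner coverage lags, an asset inventory can be checked directly against the version ranges listed in this advisory. The sketch below is an added example, not Dell or scanner code: the product keys, hostnames and installed versions are constructed, and the "X to Y" ranges are assumed to be inclusive. It compares versions numerically, because a plain string comparison places `19.9` above `19.13.0.2` and would miss an affected NetWorker host.

```python
# Added example: thresholds copied from the advisory text; product keys, hosts and
# installed versions are constructed. Rule = (lowest affected or None, upper bound, inclusive?).
RULES = {
    "XC Core XC7525": (None, "2.21.1", False),              # "prior to" bound
    "PowerProtect DP Series (IDPA)": (None, "2.7.9", False),
    "Private Cloud Red Hat": (None, "01.02.00.00", False),
    "Private Cloud VMware": (None, "01.03.00.00", False),
    "DUP Framework": ("23.12.00", "24.12.00", True),        # range, assumed inclusive
    "NetWorker": ("19.9", "19.13.0.2", True),               # range, assumed inclusive
}

def parse_version(text):
    """'v01.02.00.00' -> (1, 2, 0, 0); rejects anything non-numeric."""
    fields = text.strip().lstrip("vV").split(".")
    if not all(f.isdigit() for f in fields):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(f) for f in fields)

def compare(a, b):
    """Numeric comparison with zero padding: returns -1, 0 or 1."""
    x, y = parse_version(a), parse_version(b)
    width = max(len(x), len(y))
    x += (0,) * (width - len(x))
    y += (0,) * (width - len(y))
    return (x > y) - (x < y)

def is_affected(product, version):
    low, high, inclusive = RULES[product]
    if low is not None and compare(version, low) < 0:
        return False  # older than the listed affected range
    c = compare(version, high)
    return c <= 0 if inclusive else c < 0

def audit(inventory):
    """Return the (host, product, version) rows that still need the update."""
    return [row for row in inventory if is_affected(row[1], row[2])]

INVENTORY = [  # constructed sample data
    ("bkp-01", "NetWorker", "19.9"),                 # in range; string compare gets this wrong
    ("bkp-02", "NetWorker", "19.13.0.3"),            # fixed release
    ("hci-01", "XC Core XC7525", "2.9.4"),           # below 2.21.1 numerically
    ("hci-02", "XC Core XC7525", "2.21.1"),          # fixed release
    ("pc-01", "Private Cloud Red Hat", "1.1.0.0"),   # same scheme without zero padding
    ("srv-01", "DUP Framework", "24.12.00"),         # upper edge of the listed range
]

if __name__ == "__main__":
    for host, product, version in audit(INVENTORY):
        print(f"{host}: {product} {version} is in an affected range")
```

The iDRAC Service Module is left out of `RULES` because the advisory text gives its Linux and Windows thresholds as a combined pair; confirm the per-platform values on the Dell portal before adding them.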
## References
- Dell Security Advisories Portal: https://www.dell.com/support/security/en-ca
- Canadian Centre for Cyber Security Advisory: https://www.cyber.gc.ca/en/alerts-advisories/dell-security-advisory-av26-132