{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23772", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2026-01-16T06:05:50.872Z", "datePublished": "2026-04-16T08:30:56.774Z", "dateUpdated": "2026-04-17T03:55:13.852Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-04-16T08:30:56.774Z"}, "datePublic": "2026-04-14T18:30:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-269", "description": "CWE-269: Improper Privilege Management", "type": "CWE"}]}], "affected": [{"vendor": "Dell", "product": "Storage Manager", "versions": [{"status": "affected", "version": "0", "lessThan": "8.0.3 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8.0, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8.0, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges."}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000453020/dsa-2026-058-security-update-for-dell-storage-manager-replay-manager-for-microsoft-servers-vulnerabilities", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H"}}], "credits": [{"lang": "en", "value": "Dell would like to thank falconCorrup for reporting this issue.", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-16T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-23772"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-17T03:55:13.852Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-23772", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-16T13:03:16.787166Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T13:03:21.784Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Dell would like to thank falconCorrup for reporting this issue."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "Storage Manager", "versions": [{"status": "affected", "version": "0", "lessThan": "8.0.3 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2026-04-14T18:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000453020/dsa-2026-058-security-update-for-dell-storage-manager-replay-manager-for-microsoft-servers-vulnerabilities", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8.0, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.", "supportingMedia": [{"type": "text/html", "value": "Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8.0, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269: Improper Privilege Management"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-04-16T08:30:56.774Z"}}}, "cveMetadata": {"cveId": "CVE-2026-23772", "state": "PUBLISHED", "dateUpdated": "2026-04-17T03:55:13.852Z", "dateReserved": "2026-01-16T06:05:50.872Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2026-04-16T08:30:56.774Z", "assignerShortName": "dell"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8.0, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges."}], "id": "CVE-2026-23772", "lastModified": "2026-04-16T09:16:35.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.5, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2026-04-16T09:16:35.280", "references": [{"source": "security_alert@emc.com", "url": "https://www.dell.com/support/kbdoc/en-us/000453020/dsa-2026-058-security-update-for-dell-storage-manager-replay-manager-for-microsoft-servers-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security_alert@emc.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,8.0.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Storage Manager", "source": "cna", "vendor": "Dell"}, "product": "storage_manager", "vendor": "dell"}], "analysis": {"en": {"generated_at": "2026-04-17T04:52:52.036557+00:00", "value": {"mitigation_remediation": ["Download and install the Dell Security Update DSA\u20112026\u2011058 for Storage Manager v8.0, which removes the improper privilege checks in the Replay Manager for Microsoft Servers.", "Adjust the accounts that run the Storage Manager service to the minimum required privileges; remove local administrator rights from all non\u2011essential accounts.", "Implement Dell\u2019s recommended access\u2011control hardening, such as disabling unnecessary local services and enforcing strict audit trails for privilege\u2011related actions."], "summary": {"action": "Patch Immediately", "impact": "Elevation of Privilege"}, "threat_synthesis": {"affected_systems": "The vulnerable product is Dell Storage Manager \u2013 Replay Manager for Microsoft Servers, version 8.0. No other vendors or product versions are mentioned as affected.", "description_and_impact": "Dell Storage Manager \u2013 Replay Manager for Microsoft Servers version 8.0 contains an Improper Privilege Management vulnerability. An attacker who has local, low\u2011privileged access can exploit the flaw to gain higher privileges on the machine. This elevation allows the attacker to perform actions normally restricted to administrators, potentially compromising system security.", "risk_and_exploitability": "The CVSS base score of 7.3 indicates a high severity vulnerability. The EPSS score is reported as less than 1%, implying a very low but nonzero probability of exploitation, and the vulnerability is not currently listed in the CISA KEV catalog. Attackers need local, low\u2011privileged access to leverage the escalation path, which is relatively easy to obtain in environments where user accounts have local rights."}}}}, "created": "2026-04-16T12:00:11.327744+00:00", "title": "Improper Privilege Management Vulnerability in Dell Storage Manager Replay Manager", "updated": "2026-04-17T05:00:05.506808+00:00", "vendors": ["dell", "dell$PRODUCT$storage_manager"]}