Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.4
UPS Multi-UPS Management Console allows arbitrary code execution
CVE-2026-26033
Summary
A vulnerability in the UPS Multi-UPS Management Console (MUMC) allows a user with access to a specific directory to run malicious code with administrator-level permissions. This could allow an attacker to take control of the system. Users should update to a fixed version of MUMC to prevent this risk.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| dell | ups_multi-ups_management_console | 01.06.0001_\(a03\) | – |
Original title
UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Unquoted Search Path or Element (CWE-428) vulnerability, which allows a user with write access to a directory on the sys...
Original description
UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Unquoted Search Path or Element (CWE-428) vulnerability, which allows a user with write access to a directory on the system drive to execute arbitrary code with SYSTEM privileges.
nvd CVSS3.0
6.7
nvd CVSS4.0
8.4
Vulnerability type
CWE-428
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026