Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.8
Dell Repository Manager versions prior to 3.4.8 allows attackers to run malicious code
CVE-2026-21420
Summary
If you're using an outdated version of Dell Repository Manager, a malicious person with limited access could potentially trick the system into running their own code, potentially giving them more power or control. This is a concern because it allows an attacker to do more harm. Update to version 3.4.8 or later to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| dell | repository_manager | <= 3.4.8 | – |
Original title
Dell Repository Manager (DRM), versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulner...
Original description
Dell Repository Manager (DRM), versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution and escalation of privileges.
nvd CVSS3.1
7.8
Vulnerability type
CWE-427
Uncontrolled Search Path Element
- https://www.dell.com/support/kbdoc/en-us/000430183/dsa-2026-059-security-update-... Patch Vendor Advisory
Published: 23 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026