CVE-2026-40713
published 2026-06-02CVE-2026-40713: Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access control vulnerability. An unauthenticated attacker with physical access…
PriorityP430medium6.1CVSS 3.1
AVPACLPRNUINSUCHIHAN
EPSS
0.15%
4.7th percentile
Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access control vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information exposure.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | thinos | < 2602_10.0765 | 2602_10.0765 |
| dell | thinos_10 | < 2602_10.0765_T10 | 2602_10.0765_T10 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access control vulnerability.
ghsa_unreviewed·2026-06-02
CVE-2026-40713 [MEDIUM] CWE-284 Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access control vulnerability.
Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access control vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information exposure.
VulDB
Dell ThinOS 10 10.0765 access control (dsa-2026-214 / EUVD-2026-33977)
vuldb·2026-06-02·CVSS 6.1
CVE-2026-40713 [MEDIUM] Dell ThinOS 10 10.0765 access control (dsa-2026-214 / EUVD-2026-33977)
A vulnerability identified as critical has been detected in Dell ThinOS 10 10.0765. This affects an unknown function. Performing a manipulation results in improper access controls.
This vulnerability was named CVE-2026-40713. The attack may be carried out on the physical device. There is no available exploit.
You should upgrade the affected component.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-02
Published