CVE-2026-40715
published 2026-06-02CVE-2026-40715: Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access Control vulnerability. A low privileged attacker with local access could…
PriorityP341high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.10%
1.1th percentile
Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Privilege Escalation.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | thinos | < 2602_10.0765 | 2602_10.0765 |
| dell | thinos_10 | < 2602_10.0765_T10 | 2602_10.0765_T10 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Dell ThinOS 10 10.0765 access control (dsa-2026-214 / EUVD-2026-33979)
vuldb·2026-06-02·CVSS 7.8
CVE-2026-40715 [HIGH] Dell ThinOS 10 10.0765 access control (dsa-2026-214 / EUVD-2026-33979)
A vulnerability labeled as critical has been found in Dell ThinOS 10 10.0765. This impacts an unknown function. Executing a manipulation can lead to improper access controls.
The identification of this vulnerability is CVE-2026-40715. The attack can only be executed locally. There is no exploit available.
The affected component should be upgraded.
GHSA
Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access Control vulnerability.
ghsa_unreviewed·2026-06-02
CVE-2026-40715 [HIGH] CWE-284 Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access Control vulnerability.
Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Privilege Escalation.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-02
Published