CVE-2026-26033

6.7 MEDIUM

📋 TL;DR

This vulnerability allows attackers with write access to a directory on the system drive to execute arbitrary code with SYSTEM privileges by exploiting an unquoted search path in UPS Multi-UPS Management Console. It affects organizations using Dell UPS management software version 01.06.0001 (A03).

💻 Affected Systems

Products:
  • Dell UPS Multi-UPS Management Console (MUMC)
Versions: 01.06.0001 (A03)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Windows OS and write access to a directory on the system drive where the vulnerable software is installed.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with SYSTEM privileges leading to complete control over the affected system, data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Privilege escalation from a lower-privileged user account to SYSTEM, enabling installation of malware, persistence mechanisms, or credential harvesting.

🟢 If Mitigated

Limited impact if proper access controls prevent unauthorized users from writing to system directories and the software runs with minimal necessary privileges.

🌐 Internet-Facing: LOW - This vulnerability requires local access or an initial compromise to exploit and is not directly exploitable over the internet.
🏢 Internal Only: HIGH - Internal attackers or malware with local access can exploit this for privilege escalation and system compromise.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires write access to a directory on the system drive, making it accessible to local attackers or malware with file system access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Dell support for updated version

Vendor Advisory: https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=038h3

Restart Required: Yes

Instructions:

  1. Visit Dell support page for driver ID 038h3.
  2. Download and install the latest version of UPS Multi-UPS Management Console.
  3. Restart the system to apply changes.

🔧 Temporary Workarounds

Restrict directory permissions

windows

Remove write permissions for non-administrative users on directories where MUMC is installed and parent directories in the system drive.

icacls "C:\Program Files\Dell\MUMC" /deny Users:(OI)(CI)W

Run with lower privileges

windows

Configure MUMC to run with standard user privileges instead of SYSTEM where possible.

🧯 If You Can't Patch

  • Remove write permissions for all non-administrative users from the installation directory and parent directories.
  • Monitor for suspicious file creation in system directories and unauthorized privilege escalation attempts.

🔍 How to Verify

Check if Vulnerable:

Check installed software version via Control Panel > Programs and Features for 'UPS Multi-UPS Management Console' version 01.06.0001 (A03).

Check Version:

wmic product where name="UPS Multi-UPS Management Console" get version

Verify Fix Applied:

Verify the software version has been updated to a newer release than 01.06.0001 (A03) and test that non-administrative users cannot write to the installation directory.
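
The following PowerShell audit is an added example, not Dell's code or part of the original advisory. For each service whose command line is unquoted, it lists the directories that Windows consults while resolving the path and any non-administrative SIDs allowed to create files there. The service names, the executable name and the sample paths are constructed, and the trusted-SID list is an assumption to adjust for your environment.

```powershell
# Added example: which directories must be non-writable for an unquoted service path?
$TrustedSids = @('S-1-5-18', 'S-1-5-32-544',  # SYSTEM, BUILTIN\Administrators (assumed trusted)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464')  # TrustedInstaller

function Get-UnquotedPathDirectory {
    # Returns the directories whose ACLs matter for one service command line.
    param([string]$PathName)
    $cmd = $PathName.Trim()
    if ($cmd.StartsWith('"')) { return @() }   # quoted path: not affected
    # Executable part = text up to the first ".exe"; otherwise the whole string.
    $exe = if ($cmd -match '^(.+?\.exe)(\s|$)') { $Matches[1] } else { $cmd }
    $dirs = @()
    for ($i = $exe.IndexOf(' '); $i -ge 0; $i = $exe.IndexOf(' ', $i + 1)) {
        # The text before each space is resolved as a program in its parent directory.
        $parent = Split-Path -Parent $exe.Substring(0, $i)
        if ($parent -and $dirs -notcontains $parent) { $dirs += $parent }
    }
    return $dirs
}

function Get-NonAdminWriter {
    # SIDs outside $TrustedSids with an Allow ACE to create files directly in $Directory.
    # Simplification: Deny ACEs and group membership are not evaluated.
    param([string]$Directory)
    $create  = [System.Security.AccessControl.FileSystemRights]::CreateFiles
    $inherit = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -LiteralPath $Directory).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $create) -and
            -not ($_.PropagationFlags -band $inherit) -and
            $TrustedSids -notcontains $_.IdentityReference.Value
        } | ForEach-Object { $_.IdentityReference.Value }
}

# Constructed sample input. On a live host replace it with:
#   $services = Get-CimInstance Win32_Service | Select-Object Name, PathName
$services = @(
    [pscustomobject]@{ Name = 'ExampleUpsSvc'; PathName = 'C:\Program Files\Dell\MUMC\service.exe -run' }
    [pscustomobject]@{ Name = 'QuotedSvc';     PathName = '"C:\Program Files\Vendor\svc.exe" -k' }
)
foreach ($svc in $services) {
    foreach ($dir in (Get-UnquotedPathDirectory $svc.PathName)) {
        $writers = if (Test-Path -LiteralPath $dir) { Get-NonAdminWriter $dir }
        [pscustomobject]@{ Service = $svc.Name; Directory = $dir; NonAdminWriters = @($writers) -join ',' }
    }
}
```

For the constructed unquoted sample the directory reported is `C:\`, not the installation folder, which is why the workaround above also covers parent directories on the system drive.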

📡 Detection & Monitoring

Log Indicators:

  • Event logs showing unauthorized file creation in system directories
  • Security logs indicating privilege escalation attempts from MUMC processes

Network Indicators:

  • Unusual outbound connections from the MUMC service or associated processes

SIEM Query:

source="windows_security" AND (event_id=4688 OR event_id=4689) AND process_name="*MUMC*" AND user="SYSTEM"
