Dell Client BIOS Weak Encoding Password EE Privilege Escalation
CVE-2026-40639 Published on June 9, 2026

Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-40639 can be exploited with physical access and requires neither privileges nor user interaction. The vulnerability is considered to have a high level of attack complexity. A successful exploit is considered to have a high impact on confidentiality and integrity, and no impact on availability.

Attack Vector: PHYSICAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

Weakness Type

Weak Encoding for Password

Obscuring a password with a trivial encoding does not protect the password. Password management issues occur when a password is stored in plaintext in an application's properties or configuration file. A programmer can attempt to remedy the password management problem by obscuring the password with an encoding function, such as base 64 encoding, but this effort does not adequately protect the password.
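
The weakness class described above, as an added Python example that is not part of the advisory and is not Dell code. It illustrates the general pattern only, since the advisory does not say how the BIOS encodes the password: an auditor flags password settings that can be read back without a key, next to salted one-way storage. The key names, the `pbkdf2$` storage format, the iteration count and the sample settings are assumptions constructed for illustration.

```python
import base64, binascii, hashlib, hmac, os

PASSWORD_KEYS = ("password", "passwd", "pwd", "secret")  # assumed key names
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed policy)

def recover_if_encoded(value):
    """Return the plaintext if value is only Base64 over printable ASCII."""
    try:
        text = base64.b64decode(value, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    return text if text and text.isprintable() else None

def hash_password(password):
    """One-way, salted storage: 'pbkdf2$iterations$salt$digest' (assumed format)."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(password, stored):
    _, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)  # constant-time comparison

def audit_config(lines):
    """Flag password-like settings that can be read back without any key."""
    findings = []
    for number, line in enumerate(lines, 1):
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep or not any(k in key.lower() for k in PASSWORD_KEYS):
            continue
        if value.startswith("pbkdf2$"):
            continue  # salted one-way hash: nothing to decode
        weak = "base64-encoded, reversible" if recover_if_encoded(value) else "stored in plaintext"
        findings.append((number, key, weak))
    return findings

def sample_config():
    """Constructed sample settings, not taken from any real product."""
    return ["admin_user = svc-backup",
            "admin_password = V2ludGVyLTIwMjYh",
            "db_password = Winter-2026!",
            "api_secret = " + hash_password("Winter-2026!")]

if __name__ == "__main__":
    for finding in audit_config(sample_config()):
        print(finding)
```

The Base64 value and the plaintext value are reported as equally exposed, because decoding needs no secret; only the salted hash survives a read of the stored setting.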


Affected Versions

Dell Edge Gateway 3000:
Dell Edge Gateway 5000:
DELL EMBEDDED PC 3000:
DELL EMBEDDED PC 5000:
Dell Precision 3630 Tower:
Dell Precision 3930 Rack:
Dell Latitude 7220 Rugged Extreme:
Dell Latitude Rugged 5420:
Dell Latitude Rugged 5424:
Dell Latitude Rugged 7220EX:
Dell Latitude Rugged 7424:
Dell Precision 3930 Rack: