CVE-2026-40639

5.7MEDIUM

Key Information:

Vendor: Dell
Status: Dell Edge Gateway 3000; Dell Edge Gateway 5000; Dell Embedded Pc 3000; Dell Embedded Pc 5000
Vendor: CVE Published:; 9 June 2026

What is CVE-2026-40639?

Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Affected Version(s)

Dell Edge Gateway 3000 0 < 1.26.0

Dell Edge Gateway 5000 0 < 1.36.0

DELL EMBEDDED PC 3000 0 < 1.32.0

References

https://www.dell.com/support/kbdoc/en-us/000453482/dsa-20...

vendor-advisory

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2026
Vulnerability Reserved
Apr 14, 2026

Credit

Dell would like to thank Darren McDonald from AmberWolf and Craig S. Blackie from MDSec for reporting this issue.

CVE-2026-40639 Data

JSON