Improper Access Control Vulnerability in Dell ThinOS
CVE-2026-40713

6.1MEDIUM

Key Information:

Vendor: Dell
Status: Thinos 10
Vendor: CVE Published:; 2 June 2026

What is CVE-2026-40713?

Dell ThinOS versions 10 prior to 2602_10.0765 are susceptible to an improper access control vulnerability. This flaw could allow an unauthenticated attacker who has physical access to exploit the system, potentially leading to unauthorized information exposure. Organizations using affected versions are encouraged to upgrade to the latest release to mitigate this vulnerability.

Affected Version(s)

ThinOS 10 0 < 2602_10.0765_T10

References

https://www.dell.com/support/kbdoc/en-us/000463678/dsa-20...

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2026
Vulnerability Reserved
Apr 15, 2026

Credit

Dell would like to thank Darren McDonald from AmberWolf

Dell would like to thank Christophe Schleypen (NATO Cyber Security Centre – NCSC) for reporting this issue.

CVE-2026-40713 Data

JSON