Dell Update Package Framework — known CVE vulnerabilities
Every CVE whose affected-product data names Dell Update Package Framework, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2025-22395 — CVSS 8.2 (high): Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged…
CVE-2026-23857 — CVSS 8.2 (high): Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or…
CVE-2019-3726 — CVSS 6.7 (medium): An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package (DUP) Framework file versions prior to…
CVE-2023-39254 — CVSS 6.7 (medium): Dell Update Package (DUP), Versions prior to 4.9.10 contain an Uncontrolled Search Path vulnerability. A malicious user with local access…
CVE-2023-32454 — CVSS 6.3 (medium): DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious…