CVE-2026-32658
Dell · Automation Platform
Dell Automation Platform versions prior to 2.0.0.0 are affected by a missing authorization vulnerability, allowing authenticated users to perform unauthorized actions.
Executive summary
Dell Automation Platform versions prior to 2.0.0.0 are vulnerable to a missing authorization flaw, enabling unauthorized access to sensitive system functions.
Vulnerability
The software fails to implement proper authorization checks (CWE-862), allowing an authenticated user with low privileges to perform actions that should be restricted. The vulnerability is accessible via the network and requires user interaction (AV:N/AC:L/PR:L/UI:R).
Business impact
The lack of proper authorization can lead to unauthorized access to system resources, potential data manipulation, or complete system compromise, depending on the scope of the affected functions. With a CVSS score of 8.0, this vulnerability poses a significant risk to the integrity and availability of the automation workflows managed by the platform.
Remediation
Immediate Action: Update the Dell Automation Platform to version 2.0.0.0 or later as specified in the vendor security advisory (DSA-2026-193).
Proactive Monitoring: Review audit logs for unauthorized access attempts or suspicious activity performed by low-privileged service accounts.
Compensating Controls: Enforce strict Role-Based Access Control (RBAC) and implement Principle of Least Privilege (PoLP) to minimize the potential impact of an authenticated user abusing this authorization flaw.
Exploitation status
Public Exploit Available: Unknown.
Analyst recommendation
Organizations should treat this update as a high priority, especially in production environments where the Automation Platform manages critical business processes. Applying the patch to version 2.0.0.0 or later is necessary to eliminate the authorization gap and prevent potential privilege escalation.