Dell Automation Platform: Missing Authorization Vulnerability (CVE-2026-32658)

The National Vulnerability Database has disclosed CVE-2026-32658, a high-severity missing authorization vulnerability impacting Dell Automation Platform versions prior to 2.0.0.0. This flaw carries a CVSSv3 score of 8.0 (High), indicating significant risk.

A low-privileged attacker with remote access can exploit this vulnerability. The critical impact is elevation of privileges, granting unauthorized control over the platform. This isn’t just a nuisance; it’s a direct path to deeper compromise within an environment where Dell Automation Platform is deployed. Defenders need to recognize that ‘low-privileged’ doesn’t mean ‘low-threat’ when privilege escalation is the outcome.

Organizations leveraging Dell Automation Platform must prioritize immediate patching to version 2.0.0.0 or later. Neglecting this allows an attacker, once inside the perimeter, to easily escalate their access and broaden their foothold. This is exactly the kind of weakness an offensive security team looks for to move laterally and achieve objectives.

What This Means For You

  • If your organization uses Dell Automation Platform, you must check your version immediately. Patch all instances to 2.0.0.0 or higher to mitigate CVE-2026-32658. This vulnerability is a clear avenue for privilege escalation that attackers will actively seek out.

🛡️ Detection Rules

high T1190 Initial Access

Dell Automation Platform Missing Authorization - Potential Exploit Attempt (CVE-2026-32658)

Sigma YAML:
title: Dell Automation Platform Missing Authorization - Potential Exploit Attempt (CVE-2026-32658)
id: scw-2026-05-11-ai-1
status: experimental
level: high
description: |
  This rule detects attempts to exploit CVE-2026-32658 by targeting the Dell Automation Platform's API endpoint '/api/v1/jobs' with a POST request and a 'run' action in the query string. This specific pattern indicates a potential attempt to bypass authorization checks and execute arbitrary actions, leading to privilege escalation.
author: SCW Feed Engine (AI-generated)
date: 2026-05-11
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-32658/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    cs-uri|contains:
      - '/api/v1/jobs'
    cs-method:
      - 'POST'
    sc-status:
      - '200'
    cs-uri-query|contains:
      - 'action=run'
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse
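
The rule's selection, evaluated against access-log lines so matches can be triaged by requesting account. This is an added example, not code from the original page, the rule feed or Dell. The W3C-style log layout, account names and addresses are constructed, and it is an assumption that the platform's web tier logs these fields.

```python
# Added example: the Sigma selection above applied to W3C-style access logs.
# SAMPLE_LOG is constructed; field layout and account names are assumptions.
SELECTION = {
    "cs-uri|contains": ["/api/v1/jobs"],
    "cs-method": ["POST"],
    "sc-status": ["200"],
    "cs-uri-query|contains": ["action=run"],
}

SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri cs-uri-query sc-status
2026-05-12 09:14:02 10.0.4.17 svc-readonly POST /api/v1/jobs action=run&id=42 200
2026-05-12 09:14:09 10.0.4.17 svc-readonly GET /api/v1/jobs action=list 200
2026-05-12 09:15:30 10.0.4.22 ops-admin POST /api/v1/jobs action=run&id=7 403
2026-05-12 09:16:11 10.0.4.31 viewer01 post /API/v1/jobs/7 Action=Run 200
2026-05-12 09:17:45 10.0.4.31 viewer01 POST /api/v1/health - 200
"""

def parse_w3c(text):
    """Yield one dict per log line, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def field_matches(event, key, wanted):
    """Values in one entry are OR-ed; Sigma string matching ignores case."""
    name, _, modifier = key.partition("|")
    actual = event.get(name)
    if actual is None:
        return False
    actual = actual.lower()
    if modifier == "contains":
        return any(w.lower() in actual for w in wanted)
    return any(w.lower() == actual for w in wanted)

def matches(event, selection=SELECTION):
    """Every key of the selection map must match (Sigma ANDs them)."""
    return all(field_matches(event, k, v) for k, v in selection.items())

def hits(text):
    return [e for e in parse_w3c(text) if matches(e)]

if __name__ == "__main__":
    for e in hits(SAMPLE_LOG):
        print(e["date"], e["time"], e["c-ip"], e["cs-username"], e["cs-uri"])
```

Carrying the account name through to the output is what lets an analyst separate the rule's listed false positive, legitimate administrative activity, from a request made by an account that should not be running jobs.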

Indicators of Compromise

ID | Type | Indicator
CVE-2026-32658 | Privilege Escalation | Dell Automation Platform versions prior to 2.0.0.0
CVE-2026-32658 | Auth Bypass | Missing authorization vulnerability in Dell Automation Platform

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 11, 2026 at 13:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
