Update package framework
This hub aggregates every CVE we track for Update package framework, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
5
CVEs tracked
0
Critical
2
High
0
In CISA KEV
Severity distribution
MEDIUM3HIGH2
Monthly trend
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
2024-082026-07
Latest CVEs
The 5 most recently published vulnerabilities affecting Update package framework.
- CVE-2026-23857Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local ...8.2
- CVE-2025-22395Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leadi...8.2
- CVE-2023-39254Dell Update Package (DUP), Versions prior to 4.9.10 contain an Uncontrolled Search Path vulnerability. A malicious user with local access to the system could potentially exploit this vulnerability ...6.7
- CVE-2023-32454 DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitr...6.3
- CVE-2019-3726An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package (DUP) Framework file versions prior to 19.1.0.413, and Framework file versions prior to 103.4.6.69 used...6.7
Product normalization is registry-driven with AI assist and human review. How it works