CVE-2026-41116

Vulnerability

Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. This vulnerability exists within the Inventory Collector component of various Dell products [1].

Exploitation

A low privileged attacker with local access could potentially exploit this vulnerability. The attacker would need to interact with the system to trigger the vulnerable code path, though specific user interaction requirements are not detailed in the available references [1].

Impact

Successful exploitation of this vulnerability could lead to Arbitrary File Write. This means an attacker could overwrite or create files on the system, potentially leading to system compromise or denial of service, with the privilege level of the affected user [1].

Mitigation

Dell Command | Update, Dell Update, Alienware Update, Dell Optimizer, Dell Trusted Device, and Dell SupportAssist for PCs automatically update Inventory Collector. To verify remediation, check the invcol.exe file's product version in C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC\; it should be 13.8.0 or later. If not, perform the auto-update steps for the relevant product [1].