CVE-2026-35159 Overview
CVE-2026-35159 is an Authentication Bypass by Primary Weakness vulnerability [CWE-305] affecting Dell Client Platform BIOS. An unauthenticated attacker with physical access to the device can bypass BIOS authentication controls, resulting in information disclosure. The weakness resides in the primary authentication logic of the platform firmware, allowing an attacker to circumvent intended protections without valid credentials.
Exploitation requires physical access and high attack complexity, which limits mass exploitation but remains relevant for lost, stolen, or unattended devices. Dell published advisory DSA-2026-195 describing the impacted platforms and fixed BIOS versions.
Critical Impact
An attacker with physical access can bypass BIOS authentication on affected Dell client platforms and access sensitive firmware-level data, undermining pre-boot security controls and device integrity assurances.
Affected Products
- Dell Client Platform BIOS (see Dell advisory DSA-2026-195 for the impacted models and BIOS revisions)
- Dell client systems shipping with the vulnerable BIOS authentication component
- Dell endpoints relying on BIOS-level authentication for pre-boot protection
Discovery Timeline
- 2026-07-03 - CVE-2026-35159 published to NVD
- 2026-07-07 - Last updated in NVD database
Technical Details for CVE-2026-35159
Vulnerability Analysis
The vulnerability is classified under [CWE-305]: Authentication Bypass by Primary Weakness. The BIOS authentication flow contains a flaw in its primary check, permitting an attacker to reach protected functionality without satisfying the required authentication step. Because the weakness sits in the pre-boot firmware layer, standard operating system defenses do not apply.
Successful exploitation results in information disclosure. Dell's advisory characterizes the confidentiality impact as low while assigning a high integrity impact, indicating the bypass can also alter BIOS-managed state that governs downstream trust decisions. The attack complexity is high, reflecting the need for hands-on interaction and specific conditions to trigger the flaw.
Root Cause
The root cause is an incomplete or incorrectly implemented primary authentication check within the Dell Client Platform BIOS. Dell has not published low-level implementation details, but CWE-305 describes cases where a validation routine can be skipped, satisfied with attacker-controlled input, or reached through an alternate code path that omits credential verification.
Attack Vector
The attack vector is physical (AV:P). An attacker must have direct access to the target device to interact with pre-boot interfaces such as the BIOS setup menu, boot device selection, or firmware update paths. No prior authentication or user interaction is required. Typical scenarios include evil-maid attacks, supply-chain interception, and unattended workstations in shared environments. See the Dell Security Advisory DSA-2026-195 for platform-specific guidance.
No public proof-of-concept exploit is available for CVE-2026-35159 at the time of publication. The EPSS score is 0.16%, consistent with the physical-access requirement.
Detection Methods for CVE-2026-35159
Indicators of Compromise
- BIOS version strings that do not match the fixed revisions listed in Dell advisory DSA-2026-195.
- Unexpected changes to BIOS settings, boot order, or Secure Boot state on Dell client devices.
- Physical tamper evidence on chassis, cases, or tamper-evident seals for high-value endpoints.
- Unscheduled BIOS update events or firmware downgrade attempts recorded in platform telemetry.
Detection Strategies
- Inventory Dell client BIOS versions across the fleet and compare them against the fixed versions in DSA-2026-195.
- Monitor Windows Management Instrumentation (WMI) and Dell Command | Monitor data for BIOS configuration drift.
- Correlate physical access events, such as badge logs and camera coverage, with firmware anomalies on affected endpoints.
- Track BIOS admin password state and Secure Boot status through endpoint management tooling.
Monitoring Recommendations
- Ingest BIOS version and configuration telemetry into a centralized logging or SIEM platform for continuous baselining.
- Alert on any BIOS setting modification originating from pre-boot sessions rather than authorized management tools.
- Review lost, stolen, and repaired devices for firmware integrity before returning them to production.
How to Mitigate CVE-2026-35159
Immediate Actions Required
- Identify all Dell client platforms in scope by cross-referencing DSA-2026-195 with the asset inventory.
- Apply the Dell-provided BIOS update to every affected system as soon as validation testing permits.
- Enforce a strong BIOS administrator password and disable unused pre-boot interfaces such as external boot devices.
- Prioritize remediation on high-risk endpoints, including executive laptops, kiosk systems, and devices deployed in shared or public spaces.
Patch Information
Dell has released fixed BIOS versions for the impacted platforms. Refer to Dell Security Advisory DSA-2026-195 for the definitive list of affected models and the minimum BIOS revisions that resolve CVE-2026-35159. Deploy the update through Dell Command | Update, Microsoft Intune, SCCM, or an equivalent management channel.
Workarounds
- Restrict physical access to affected devices using locked enclosures, cable locks, and controlled office space.
- Enable full-disk encryption tied to the Trusted Platform Module (TPM) so that BIOS-level disclosure does not expose data at rest.
- Enable Secure Boot and set a BIOS administrator password to raise the bar for pre-boot tampering while patching is in progress.
- Apply tamper-evident seals and inspect them during device return, repair, and reissue workflows.
# Example: query current BIOS version on Dell client platforms
# Windows (PowerShell)
Get-CimInstance -ClassName Win32_BIOS | Select-Object Manufacturer, SMBIOSBIOSVersion, ReleaseDate
# Linux
sudo dmidecode -s bios-version
sudo dmidecode -s bios-release-date
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

