Cybersecurity
Dell BIOS Flaw Lets Hackers Recover Admin Passwords Within Seconds
Firmware vulnerability allows rapid password recovery on affected Dell devices, raising concerns over enterprise hardware security
A newly disclosed security vulnerability in the BIOS firmware of several Dell devices could allow attackers to recover administrator and user BIOS passwords within seconds, according to cybersecurity researchers.
The flaw, identified as CVE-2026-40639 and documented in Dell’s security advisory DSA-2026-197, is linked to an insecure password storage method inside certain firmware components. Rather than exploiting weak passwords, attackers can take advantage of how BIOS credentials are encrypted and stored.
Although exploitation generally requires physical access to the affected device or low-level system access, successful attacks could bypass important firmware security protections that help secure the boot process.
Faulty Encryption Method Exposed BIOS Credentials
Researchers found that some Dell systems stored BIOS passwords using a weak repeating-key XOR encryption method instead of a stronger cryptographic protection mechanism.
The affected passwords are stored in the Dell Variable (DVAR) section of the SPI flash memory, where firmware settings are maintained. According to researchers, weaknesses in the encryption design allow sensitive key information to be recovered from stored password data.
The problem is particularly serious for shorter passwords because unused storage space in the encrypted password field can reveal portions of the encryption key. This enables attackers to recover passwords directly instead of attempting traditional password-cracking methods.
Even longer passwords may remain vulnerable because the system’s key-generation process relies on limited device-specific information, reducing the complexity required for recovery.
Researchers Identify Affected Dell Platforms
The vulnerability was discovered by security researchers Craig S. Blackie of MDSec and Darren McDonald of AmberWolf during an investigation into Dell UEFI firmware.
Their analysis identified issues in the SystemPwSmm firmware component, which is used across multiple Dell client systems. Testing confirmed exposure on devices including:
- Dell Latitude E7250
- Dell Latitude 7490
- Dell XPS 15 9560
- Dell Wyse 5070 thin client
Researchers noted that newer Dell platforms using the Security Information Vault Block design with SHA-256-based protection were not affected during testing.
The difference highlights that Dell has already implemented stronger firmware security methods on newer hardware, although some older systems remain dependent on the vulnerable design.
Attack Requires Access, But Impact Could Be Significant
The vulnerability is not considered a remote attack because hackers typically need physical access to a device or the ability to obtain a firmware image from the system.
However, once attackers gain access, recovering BIOS passwords can reportedly be performed without user interaction or authentication. This creates risks for corporate laptops, shared devices and systems used in environments where physical security cannot always be guaranteed.
BIOS passwords often protect settings related to Secure Boot, boot order changes and other pre-operating system controls. If compromised, attackers could potentially weaken security protections or interfere with systems protected by disk encryption technologies.
Security experts warn that firmware-level weaknesses are particularly dangerous because they operate beneath the operating system and can affect multiple layers of device security.
Dell Releases Updates and Advises Security Measures
The vulnerability was privately reported to Dell in March 2026. After reviewing the findings, Dell published its security advisory and began releasing firmware updates for affected product lines.
Initial updates covered several platforms, including Precision systems, Rugged Latitude devices, Embedded PCs and Edge Gateway products. Additional fixes for other affected models were expected as part of Dell’s broader remediation effort.