Dell BIOS Flaw Lets Attackers Recover Admin Passwords From SPI Flash in Milliseconds
A critical flaw in how Dell stores BIOS administrator and user passwords allows full password recovery from a flash dump in milliseconds, with no brute force required. The vulnerability, tracked as CVE-2026-40639 (DSA-2026-197), stems from a broken XOR encryption scheme rather than a proper...