Description
api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unintended actions.
Published: 2026-06-16
Score: 7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in the API Gateway container used by Dell EMC VxRail Appliance. The container is executed with root privileges, and a flaw allows an attacker to escape from the isolated container environment and gain access to the underlying host system. This elevation of privilege could enable the attacker to execute arbitrary code, modify system configuration, or access sensitive data, representing a significant confidentiality and integrity risk. The weakness corresponds to CWE-269, indicating improper privilege management.

Affected Systems

The affected product is Dell EMC VxRail Appliance, with the vulnerability present in the API Gateway component as documented in Dell's security update DSA-2024-247. Specific version details are not explicitly listed, but the advisory references VxRail 7.0.520 where the issue exists. Administrators should examine their deployed VxRail appliances for this configuration and verify whether the API Gateway container runs with root privileges.

Risk and Exploitability

The CVSS base score of 7.0 places the issue in the high severity range, whereas the EPSS score of less than 1% indicates that exploitation is unlikely, and the vulnerability is not listed in the CISA KEV catalog. However, because the container runs with root, the attack surface is enlarged if an attacker can reach the API Gateway process. The likely attack vector is achieved through remote input to the API Gateway or by exploiting a flaw that allows code execution within the container to break out of isolation. While the probability of automation‑based exploitation remains low, the potential impact warrants prompt remediation.

Generated by OpenCVE AI on June 17, 2026 at 21:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell Security Update DSA-2024-247 for the VxRail Appliance.
  • Reconfigure the API Gateway container to run with non-root privileges and remove unnecessary capabilities.
  • Limit network exposure of the API Gateway and enforce least privilege on the container runtime.

Generated by OpenCVE AI on June 17, 2026 at 21:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell emc Vxrail Appliance
Vendors & Products Dell
Dell emc Vxrail Appliance

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title API Gateway Container Root Escalation

Tue, 16 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unintended actions.
Weaknesses CWE-269
References
Metrics cvssV3_1

{'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H'}


Subscriptions

Dell Emc Vxrail Appliance
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-06-16T17:38:30.931Z

Reserved: 2024-06-18T01:53:34.136Z

Link: CVE-2024-38487

cve-icon Vulnrichment

Updated: 2026-06-16T17:38:12.945Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T17:16:28.560

Modified: 2026-06-16T17:34:39.967

Link: CVE-2024-38487

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:45:09Z

Weaknesses
  • CWE-269

    Improper Privilege Management