Description
Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.
Published: 2026-03-04
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Patch
AI Analysis

Impact

Dell PowerScale OneFS contains an execution with unnecessary privileges vulnerability that allows a high‑privileged local attacker to gain additional privileges, effectively elevating their rights on the system. The flaw is tied to CWE‑250, indicating that the operating environment does not properly restrict the execution context of privileged code. As a result, an attacker who already has local access with sufficient permissions can execute operations with higher authority, potentially compromising data confidentiality, integrity, and system control.

Affected Systems

Parts of the Dell PowerScale OneFS family are affected. All releases before 9.10.1.6, as well as the 9.11.0.0 through 9.12.0.1 series, fall within the vulnerable range. Organizations using any of these product versions should verify the exact build and plan remediation accordingly.

Risk and Exploitability

The CVSS base score of 6.7 reflects a moderate severity risk. The EPSS score of less than 1% suggests that exploitation is currently unlikely but still present. The vulnerability is not listed in the CISA KEV catalog, meaning there is no confirmed widespread exploitation yet. The attack vector is local and requires an attacker to already possess some level of access to the system; once that precondition is met, the privilege escalation can be achieved without additional network exposure.

Generated by OpenCVE AI on April 16, 2026 at 13:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Dell PowerScale OneFS release (9.10.1.6 or newer) that resolves the unnecessary‑privilege execution flaw.
  • Restrict local administrator accounts by enforcing least‑privilege policies and reducing the number of users with extensive local rights.
  • Configure auditing and monitoring to detect anomalous high‑privilege activity, ensuring that any unauthorized escalation attempts are promptly investigated.

Generated by OpenCVE AI on April 16, 2026 at 13:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 14:00:00 +0000

Type Values Removed Values Added
Title Local Privilege Escalation via Execution with Unnecessary Privileges in Dell PowerScale OneFS

Wed, 04 Mar 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell powerscale Onefs
CPEs cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*
Vendors & Products Dell
Dell powerscale Onefs

Wed, 04 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 04 Mar 2026 13:15:00 +0000

Type Values Removed Values Added
Description Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.
Weaknesses CWE-250
References
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Dell Powerscale Onefs
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-03-05T04:55:32.170Z

Reserved: 2025-12-24T16:33:47.095Z

Link: CVE-2026-21421

cve-icon Vulnrichment

Updated: 2026-03-04T14:13:48.875Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-04T13:15:56.960

Modified: 2026-03-04T20:55:46.197

Link: CVE-2026-21421

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T13:45:21Z

Weaknesses