Description
Dell PowerScale OneFS, versions 9.10.0.0 through 9.13.1.0, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to protection mechanism bypass.
Published: 2026-03-04
Score: 3.4 Low
EPSS: < 1% Very Low
KEV: No
Impact: Protection Mechanism Bypass
Action: Patch
AI Analysis

Impact

The vulnerability enables a high‑privileged local attacker to alter system or configuration settings, allowing bypass of protection mechanisms. Identified as CWE‑15, it indicates external control of system or configuration setting. If exploited, the integrity of the PowerScale cluster’s security controls could be compromised, potentially facilitating further unauthorized actions.

Affected Systems

Dell PowerScale OneFS, versions 9.10.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 are vulnerable. These versions run on Dell’s OneFS operating system and must be updated to mitigate the issue.

Risk and Exploitability

The CVSS score is 3.4, reflecting low overall severity. The EPSS score is below 1 percent, indicating a very low expected exploitation rate. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires a local attacker with high privileges, who can then modify configuration settings to bypass protection mechanisms. While the attack vector is limited to local privileged access, the potential impact on system integrity makes patching a prudent measure.

Generated by OpenCVE AI on April 17, 2026 at 13:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Dell's security update for PowerScale OneFS that addresses the external control issue.
  • Upgrade all affected nodes to a version beyond 9.12.0.1 to ensure the vulnerability is fixed.
  • Restrict local privileged user access to the OneFS system to reduce the attack surface for potential exploitation.

Generated by OpenCVE AI on April 17, 2026 at 13:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 30 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
Description Dell PowerScale OneFS, versions 9.10.0.0 through 9.10.1.5 and versions 9.11.0.0 through 9.12.0.1, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to protection mechanism bypass. Dell PowerScale OneFS, versions 9.10.0.0 through 9.13.1.0, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to protection mechanism bypass.

Fri, 17 Apr 2026 13:30:00 +0000

Type Values Removed Values Added
Title External Control of System Setting in Dell PowerScale OneFS Enables Protection Mechanism Bypass

Wed, 04 Mar 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell powerscale Onefs
CPEs cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*
Vendors & Products Dell
Dell powerscale Onefs

Wed, 04 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 04 Mar 2026 13:15:00 +0000

Type Values Removed Values Added
Description Dell PowerScale OneFS, versions 9.10.0.0 through 9.10.1.5 and versions 9.11.0.0 through 9.12.0.1, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to protection mechanism bypass.
Weaknesses CWE-15
References
Metrics cvssV3_1

{'score': 3.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L'}

Subscriptions

Dell Powerscale Onefs
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-04-30T08:26:50.159Z

Reserved: 2025-12-24T16:33:47.095Z

Link: CVE-2026-21422

cve-icon Vulnrichment

Updated: 2026-03-04T14:09:09.487Z

cve-icon NVD

Status : Modified

Published: 2026-03-04T13:15:57.147

Modified: 2026-04-30T09:16:02.717

Link: CVE-2026-21422

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T13:15:19Z

Weaknesses