Description
Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Published: 2026-03-04
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Elevation of Privileges
Action: Immediate Patch
AI Analysis

Impact

Dell PowerScale OneFS includes an incorrect privilege assignment that can be leveraged by a low‑privileged attacker who possesses local access to elevate their privileges. The flaw is a direct privilege escalation weakness (CWE‑266) that permits an attacker to gain higher system rights without requiring remote exploitation or additional credentials. The impact is an increase in an attacker’s capabilities, potentially exposing sensitive data and enabling further attacks.

Affected Systems

Affected products are Dell PowerScale OneFS firmware versions earlier than 9.10.1.6 and those in the 9.11.0.0 through 9.12.0.1 range. Users running any of these builds should review version details before applying remediation.

Risk and Exploitability

The CVSS base score of 6.7 reflects moderate severity, while the EPSS score of less than 1% indicates a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, suggesting no known active exploitation at the time of this analysis. The likely attack vector requires local access, meaning the attacker must already be authenticated as a low‑privileged user on the system to attempt escalation. Given the limited exploit probability but potentially serious outcome, immediate remediation is recommended.

Generated by OpenCVE AI on April 16, 2026 at 13:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Dell PowerScale OneFS to version 9.10.1.6 or later, or to any release newer than 9.12.0.1 that includes the fix
  • If an upgrade is not immediately possible, disable or restrict local accounts that have administrative privileges to limit the scope of potential privilege escalation
  • Implement network segmentation and monitor for anomalous privilege changes to detect attempted exploitation early

Generated by OpenCVE AI on April 16, 2026 at 13:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 14:00:00 +0000

Type Values Removed Values Added
Title Incorrect Privilege Assignment Enables Local Privilege Escalation in Dell PowerScale OneFS

Wed, 04 Mar 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell powerscale Onefs
CPEs cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*
Vendors & Products Dell
Dell powerscale Onefs

Wed, 04 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 04 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Description Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Weaknesses CWE-266
References
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Dell Powerscale Onefs
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-03-05T04:55:37.618Z

Reserved: 2025-12-24T16:33:47.095Z

Link: CVE-2026-21425

cve-icon Vulnrichment

Updated: 2026-03-04T15:39:44.987Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-04T13:15:57.643

Modified: 2026-03-04T20:48:04.880

Link: CVE-2026-21425

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T13:45:21Z

Weaknesses