Description
Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, elevation of privileges, and information disclosure.
Published: 2026-03-04
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation and Denial of Service
Action: Patch Now
AI Analysis

Impact

Dell PowerScale OneFS contains an execution with unnecessary privileges flaw that allows a local attacker who already has high privilege to run code with elevated rights, potentially causing denial of service, escalating privileges, and exposing sensitive data. The weakness is a classic privilege‑bypass issue (CWE‑250).

Affected Systems

The affected products are Dell PowerScale OneFS systems. Versions prior to 9.10.1.6 and those from 9.11.0.0 through 9.12.0.1 are vulnerable.

Risk and Exploitability

The CVSS score of 6.7 indicates moderate severity while the EPSS below 1% shows a low probability of exploitation at present. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation requires local access and a user with elevated privileges; an attacker can leverage this to interrupt services, gain further privileges, or read protected data. Because the attack vector is local, limiting privileged local access and applying the vendor’s patch are the most effective mitigations.

Generated by OpenCVE AI on April 16, 2026 at 13:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Dell PowerScale OneFS to 9.10.1.6 or any newer release that provides the security update addressing this flaw
  • Apply least privilege to local accounts and restrict super‑user access to the minimal set of critical services
  • Enable monitoring and alerting for abnormal local activity that could indicate privilege abuse or service disruption

Generated by OpenCVE AI on April 16, 2026 at 13:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 04 Mar 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell powerscale Onefs
CPEs cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*
Vendors & Products Dell
Dell powerscale Onefs

Wed, 04 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 04 Mar 2026 12:45:00 +0000

Type Values Removed Values Added
Description Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, elevation of privileges, and information disclosure.
Weaknesses CWE-250
References
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Dell Powerscale Onefs
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-03-05T04:55:33.342Z

Reserved: 2025-12-24T16:33:47.095Z

Link: CVE-2026-21426

cve-icon Vulnrichment

Updated: 2026-03-04T15:02:28.400Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-04T13:15:57.800

Modified: 2026-03-04T20:46:57.667

Link: CVE-2026-21426

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T13:45:21Z

Weaknesses