Description
Dell PowerScale OneFS versions prior to 9.13.0.0 contains an improper restriction of excessive authentication attempts vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
Published: 2026-01-22
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized remote access via unauthenticated authentication attempts
Action: Patch Now
AI Analysis

Impact

A flaw in Dell PowerScale OneFS prior to version 9.13.0.0 allows an attacker to bypass limits on repeated authentication attempts. The result is that an unauthenticated user can repeatedly try credentials over the network, eventually gaining access without proper authorization. This vulnerability maps to CWE‑307, improper restriction of excessive authentication attempts, and carries a high Confidence‑based Vulnerability score of 8.1.

Affected Systems

All Dell PowerScale OneFS installations running a version earlier than 9.13.0.0 are affected, including all builds and maintenance releases that have not yet been updated to the security patch.

Risk and Exploitability

The CVSS base score of 8.1 categorizes this flaw as high severity, but the EPSS of less than 1% indicates that exploitation is currently believed to be rare. The vulnerability is not in the CISA KEV catalog, and the exit vector is likely through remote management interfaces such as SSH or web services, permitting an attacker to repeatedly attempt logins before an account lockout mechanism could trigger.

Generated by OpenCVE AI on April 18, 2026 at 03:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell PowerScale OneFS security update DSA-2026-049 to upgrade to version 9.13.0.0 or later or apply the equivalent patch.
  • Restrict remote management protocols to trusted IP addresses or use VPN filtering to reduce the attack surface for authentication attempts.
  • Configure account lockout policies or audit failures to ensure that repeated authentication attempts are detected and prevented.

Generated by OpenCVE AI on April 18, 2026 at 03:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 04:15:00 +0000

Type Values Removed Values Added
Title Unauthorized Remote Access via Unrestricted Authentication Attempts on Dell PowerScale OneFS

Wed, 28 Jan 2026 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*

Fri, 23 Jan 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell powerscale Onefs
Vendors & Products Dell
Dell powerscale Onefs

Thu, 22 Jan 2026 23:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 22 Jan 2026 16:30:00 +0000

Type Values Removed Values Added
Description Dell PowerScale OneFS versions prior to 9.13.0.0 contains an improper restriction of excessive authentication attempts vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
Weaknesses CWE-307
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Dell Powerscale Onefs
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-02-26T14:44:32.181Z

Reserved: 2026-01-07T07:17:24.536Z

Link: CVE-2026-22278

cve-icon Vulnrichment

Updated: 2026-01-22T16:37:40.651Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-22T17:16:31.027

Modified: 2026-01-28T18:18:33.653

Link: CVE-2026-22278

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T04:00:08Z

Weaknesses