Description
Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting from 9.11.0.0 and prior to 9.13.0.0, contains an incorrect permission assignment for critical resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.
Published: 2026-01-22
Score: 5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

This vulnerability arises from an incorrect permission assignment to a critical resource in Dell PowerScale OneFS. Because of this misconfiguration, an attacker who has local, low‑privileged access could manipulate the permissions to trigger a denial of service condition. The flaw does not provide remote code execution or data exfiltration but can disrupt services by rendering a critical resource unavailable.

Affected Systems

The affected products are Dell PowerScale OneFS across multiple releases. Versions 9.5.0.0 through 9.5.1.5, 9.6.0.0 through 9.7.1.10, 9.8.0.0 through 9.10.1.3, and the 9.11.x series up to but not including 9.13.0.0 are listed as vulnerable.

Risk and Exploitability

The CVSS score of 5.0 places this vulnerability in the medium severity range. The EPSS score is listed as less than 1%, indicating a very low probability of exploitation in the wild. An attacker would need local, low‑privileged access to the system, which limits the attack surface to insiders or compromised local accounts. While the risk is not catastrophic, the potential denial of service could impact business continuity if the critical resource is tied to live services. The vulnerability is not currently catalogued in the CISA Known Exploited Vulnerabilities list, and there is no known public exploit. Nonetheless, the medium CVSS score and incorrect permission assignment warrant timely remediation.

Generated by OpenCVE AI on April 18, 2026 at 15:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Dell PowerScale OneFS security update for the affected versions to correct permission assignments.
  • Restart the OneFS services (or the entire system) to ensure updated permissions are enforced.
  • Monitor system logs for any attempts to modify critical resource permissions, and verify that access controls remain enforced.


Advisories

No advisories yet.

History

Sat, 18 Apr 2026 15:45:00 +0000

Type: Title
Values Removed: (none)
Values Added: Incorrect Permission Assignment Allowing Local Denial of Service on Dell PowerScale OneFS

Wed, 28 Jan 2026 18:15:00 +0000

Type: CPEs
Values Removed: (none)
Values Added: cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*

Fri, 23 Jan 2026 16:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Dell; Dell powerscale Onefs

Type: Vendors & Products
Values Removed: (none)
Values Added: Dell; Dell powerscale Onefs

Thu, 22 Jan 2026 23:00:00 +0000

Type: Description
Values Removed: (none)
Values Added: Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting from 9.11.0.0 and prior to 9.13.0.0, contains an incorrect permission assignment for critical resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-732

Type: References

Type: Metrics
Values Removed: (none)
Values Added:
cvssV3_1: {'score': 5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H'}
ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-01-22T19:23:20.602Z

Reserved: 2026-01-07T07:17:24.536Z

Link: CVE-2026-22280

Vulnrichment

Updated: 2026-01-22T19:23:16.247Z

NVD

Status: Analyzed

Published: 2026-01-22T19:15:57.023

Modified: 2026-01-28T18:14:37.460

Link: CVE-2026-22280

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T15:30:03Z

Weaknesses