Description
Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting from 9.11.0.0 and prior to 9.13.0.0, contains a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to denial of service.
Published: 2026-01-22
Score: 3.5 Low
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

The vulnerability is a Time‑of‑check Time‑of‑use race condition that allows a low‑privileged attacker with adjacent network access to cause service interruption on Dell PowerScale OneFS. The race condition does not provide direct access to data or application logic; it can result in a denial of service for clients using affected file system operations.

Affected Systems

Dell PowerScale OneFS products with versions 9.5.0.0 through 9.5.1.5, 9.6.0.0 through 9.7.1.10, 9.8.0.0 through 9.10.1.3, and 9.11.0.0 up to but not including 9.13.0.0 are vulnerable.

Risk and Exploitability

The CVSS score of 3.5 indicates low severity, and the EPSS score of less than 1% indicates a very low probability of exploitation. The vulnerability is not listed in CISA KEV. Exploitation requires a low‑privileged user who can interact with the network segment that hosts the storage cluster; the race condition may be triggered by concurrent operations on the file system, potentially causing service disruption.

Generated by OpenCVE AI on April 18, 2026 at 15:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest security update for Dell PowerScale OneFS from Dell’s official support portal
  • Restrict adjacent network access to the PowerScale cluster and enforce least privilege for accounts that can interact with the file system
  • Monitor cluster logs for unexpected service restarts or performance degradation and adjust monitoring thresholds accordingly


Advisories

No advisories yet.

History

Sat, 18 Apr 2026 15:45:00 +0000

Type: Title
Values Added: Denial of Service via Time‑of‑Check Time‑of‑Use Race Condition in Dell PowerScale OneFS

Wed, 28 Jan 2026 18:15:00 +0000

Type: CPEs
Values Added: cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*

Fri, 23 Jan 2026 16:45:00 +0000

Type: First Time appeared
Values Added: Dell; Dell powerscale Onefs

Type: Vendors & Products
Values Added: Dell; Dell powerscale Onefs

Thu, 22 Jan 2026 23:00:00 +0000

Type: Description
Values Added: Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting from 9.11.0.0 and prior to 9.13.0.0, contains a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to denial of service.

Type: Weaknesses
Values Added: CWE-367

Type: References

Type: Metrics
Values Added:
cvssV3_1: {'score': 3.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}
ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-01-22T19:35:02.793Z

Reserved: 2026-01-07T07:17:24.536Z

Link: CVE-2026-22281

Vulnrichment

Updated: 2026-01-22T19:34:59.694Z

NVD

Status: Analyzed

Published: 2026-01-22T20:16:13.257

Modified: 2026-01-28T18:14:09.367

Link: CVE-2026-22281

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T15:30:03Z

Weaknesses