Description
Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.
Published: 2026-04-01
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Information tampering via local file modification
Action: Patch ASAP
AI Analysis

Impact

Dell AppSync 4.6.0 contains a Unix symbolic‑link following flaw that allows an attacker who has local, low‑privilege access to modify files that the application is allowed to write. Exploiting this vulnerability can lead to unauthorized information tampering, potentially compromising data integrity on the affected host.

Affected Systems

The flaw affects Dell AppSync version 4.6.0. The impact applies to installations of the Dell AppSync product on Unix‑based operating systems where the application runs with local user privileges.

Risk and Exploitability

The CVSS base score of 7.3 indicates a moderate to high severity, and the EPSS score of less than 1% suggests that exploitation is unlikely at present. The vulnerability requires local access and does not involve remote exploitation. It is not listed in the CISA KEV catalog, indicating no known widespread active exploitation at this time. The flaw remains significant for environments where the application is used in ways that allow local users to run AppSync or where file integrity is critical.

Generated by OpenCVE AI on April 2, 2026 at 21:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and apply Dell DSA‑2026‑163, the security update that addresses the symlink following vulnerability in AppSync 4.6.0, from Dell’s official support site.
  • Confirm the patch has been applied by verifying the AppSync version and patch metadata.

Generated by OpenCVE AI on April 2, 2026 at 21:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Title Dell AppSync Unix Symlink Following Vulnerability Leading to Local File Tampering

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Dell AppSync Unix Symlink Following Vulnerability Leading to Local File Tampering
First Time appeared Dell
Dell appsync
CPEs cpe:2.3:a:dell:appsync:*:*:*:*:*:*:*:*
Vendors & Products Dell
Dell appsync

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.
Weaknesses CWE-61
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Dell Appsync
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-04-01T19:04:27.520Z

Reserved: 2026-01-09T18:05:08.764Z

Link: CVE-2026-22767

cve-icon Vulnrichment

Updated: 2026-04-01T19:04:23.883Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-01T13:16:33.150

Modified: 2026-04-02T16:55:42.720

Link: CVE-2026-22767

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-03T09:19:09Z

Weaknesses