Description
Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Published: 2026-04-01
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Apply Patch
AI Analysis

Impact

Dell AppSync 4.6.0 contains an incorrect permission assignment that permits a low‑privileged local user to gain administrative privileges. The flaw, identified as CWE-732, enables the attacker to alter system configuration, modify or delete data, and install malicious software, thereby compromising the system’s integrity and confidentiality.

Affected Systems

The product impacted by this vulnerability is Dell AppSync version 4.6.0. No other versions are presently reported as affected. Users executing this specific version should verify that they have applied the latest Dell-provided patch before continuing.

Risk and Exploitability

This vulnerability receives a CVSS score of 7.3, indicating high severity, while the EPSS score is below 1%, suggesting a low likelihood of exploitation. It is not listed in the CISA KEV catalog. Successful exploitation requires local access and a low‑privileged account, implying that the attack vector is local. The attacker can achieve privilege escalation by exploiting the misassigned permissions of a critical resource without needing additional software or advanced techniques.

Generated by OpenCVE AI on April 2, 2026 at 21:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell AppSync security update that addresses the incorrect permission assignment, as published in DSA‑2026‑163
  • Verify that the updated application now enforces correct permissions and that only administrative accounts have full access to critical resources
  • Limit local user accounts to the least privileges necessary for their tasks
  • Continuously monitor the system for unauthorized privilege changes or unexpected policy alterations

Generated by OpenCVE AI on April 2, 2026 at 21:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Title Incorrect Permission Assignment Enables Local Privilege Escalation in Dell AppSync

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Incorrect Permission Assignment Enables Local Privilege Escalation in Dell AppSync
First Time appeared Dell
Dell appsync
CPEs cpe:2.3:a:dell:appsync:*:*:*:*:*:*:*:*
Vendors & Products Dell
Dell appsync

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Weaknesses CWE-732
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Subscriptions

Dell Appsync
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-04-02T03:56:01.058Z

Reserved: 2026-01-09T18:05:08.764Z

Link: CVE-2026-22768

cve-icon Vulnrichment

Updated: 2026-04-01T12:50:46.376Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-01T13:16:33.950

Modified: 2026-04-02T16:54:13.507

Link: CVE-2026-22768

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-03T09:19:08Z

Weaknesses