CVE-2026-24511 - Vulnerability Details

Description

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.0, contains a generation of error message containing sensitive information vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.

Published: 2026-04-08

Score: 4.4 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

Dell PowerScale OneFS may expose sensitive data in error messages. The flaw allows a high‑privileged local attacker to view confidential information that should not appear in error logs. This is a classic data‑exposure weakness identified as CWE‑209. The vulnerability results in the unnecessary leakage of potentially critical system details to local users with sufficient privileges, compromising confidentiality but not allowing system compromise or remote control.

Affected Systems

The affected products are Dell PowerScale OneFS. Versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.0 are impacted. No other vendors or products are mentioned.

Risk and Exploitability

The CVSS score of 4.4 indicates moderate severity, and the EPSS score of less than 1% suggests low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires local, high‑privilege access, so the attack vector is inferred to be local. A privileged user can trigger or read error messages that contain sensitive data, potentially revealing configuration or credential information.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Dell

PowerScale OneFS

unaffected

Version	Status	Constraints
`0`	affected	< 9.10.1.7 or later

Configuration 1 [-]

OR	cpe:2.3:o:dell:powerscale_onefs::::::::
	cpe:2.3:o:dell:powerscale_onefs::::::::

No data.

Vendor Product Confidence Versions

Dell

Powerscale Onefs

100%

Version	Status	Scheme	Platform
`[0,9.10.1.7)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply Dell PowerScale OneFS update DSA‑2026‑125, which addresses the error‑message data exposure.
Verify that the updated system no longer includes sensitive information in error messages after the patch is applied.
Limit local privileged access to trusted administrators only to reduce the risk of exploitation.
Monitor system logs for unexpected or sensitive error output as an additional detection measure.
If a patch cannot be applied immediately, consider disabling verbose error logging or other configuration options that may reduce data visibility.

Generated by OpenCVE AI on April 13, 2026 at 12:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00007.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000449337/dsa-2026-125-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities

History

Mon, 13 Apr 2026 14:30:00 +0000

Type	Values Removed	Values Added
Title	Sensitive Data Exposure in Dell PowerScale OneFS Error Messages

Mon, 13 Apr 2026 11:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:dell:powerscale_onefs::::::::

Wed, 08 Apr 2026 20:15:00 +0000

Type	Values Removed	Values Added
Title		Sensitive Data Exposure in Dell PowerScale OneFS Error Messages

Wed, 08 Apr 2026 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dell Dell powerscale Onefs
Vendors & Products		Dell Dell powerscale Onefs

Wed, 08 Apr 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 08 Apr 2026 12:45:00 +0000

Type	Values Removed	Values Added
Description		Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.0, contains a generation of error message containing sensitive information vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.
Weaknesses		CWE-209
References		https://www.dell.com/support/kbdoc/en-us/000449337/dsa-2026-125-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities
Metrics		cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}`

Subscriptions

Dell Powerscale Onefs

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2026-04-08T12:28:21.077Z

Updated: 2026-04-08T16:13:35.249Z

Reserved: 2026-01-23T06:07:21.818Z

Link: CVE-2026-24511

Vulnrichment

Updated: 2026-04-08T15:43:14.751Z

NVD

Status : Analyzed

Published: 2026-04-08T13:16:40.367

Modified: 2026-04-13T11:38:48.477

Link: CVE-2026-24511

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T14:25:09Z

Weaknesses

CWE-209

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object