Description
Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.
Published: 2026-04-08
Score: 6.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Apply Patch Immediately
AI Analysis

Impact

Dell PowerScale OneFS has an incorrect privilege assignment that allows a locally logged in, low‑privileged user to elevate to higher privileges. This results in a privilege escalation vulnerability (CWE‑266) that could permit the attacker to execute privileged operations or access sensitive data.

Affected Systems

Affected products are Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.6 and 9.11.0.0 through 9.13.0.1. All builds within these ranges are impacted.

Risk and Exploitability

The vulnerability receives a CVSS score of 6.6, indicating moderate severity, and an EPSS score of less than 1 percent, suggesting low likelihood of exploitation. It is not registered in the CISA KEV catalog. The attack requires attacker local access to the system; no remote exploitation path is documented.

Generated by OpenCVE AI on April 13, 2026 at 12:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell PowerScale OneFS security update DSA‑2026‑125 to all affected versions.

Generated by OpenCVE AI on April 13, 2026 at 12:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Local Privilege Escalation via Incorrect Privilege Assignment in Dell PowerScale OneFS

Mon, 13 Apr 2026 11:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*

Thu, 09 Apr 2026 05:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Local Privilege Escalation via Incorrect Privilege Assignment in Dell PowerScale OneFS

Wed, 08 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell powerscale Onefs
Vendors & Products Dell
Dell powerscale Onefs

Wed, 08 Apr 2026 12:45:00 +0000

Type Values Removed Values Added
Description Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.
Weaknesses CWE-266
References
Metrics cvssV3_1

{'score': 6.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H'}

Subscriptions

Dell Powerscale Onefs
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-04-13T15:37:35.174Z

Reserved: 2026-02-17T18:05:21.467Z

Link: CVE-2026-27102

cve-icon Vulnrichment

Updated: 2026-04-08T17:41:24.316Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-08T13:16:41.370

Modified: 2026-04-13T11:38:11.023

Link: CVE-2026-27102

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T14:25:10Z

Weaknesses