DSA-2026-049: Security Update for Dell PowerScale OneFS Multiple Vulnerabilities
Resumen: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Este artículo se aplica a
Este artículo no se aplica a
Este artículo no está vinculado a ningún producto específico.
No se identifican todas las versiones del producto en este artículo.
Impacto
High
Detalles
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2026-22278 | Dell PowerScale OneFS versions prior to 9.13.0.0 contains an improper restriction of excessive authentication attempts vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access. | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2026-22280 | Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting from 9.11.0.0 and prior to 9.13.0.0, contains an incorrect permission assignment for critical resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service. | 5.0 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H |
| CVE-2026-22279 | Dell PowerScale OneFS, versions prior 9.13.0.0, contains an insufficient logging vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information tampering. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
| CVE-2026-22281 | Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting from 9.11.0.0 and prior to 9.13.0.0, contains a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to denial of service. | 3.5 | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2026-22278 | Dell PowerScale OneFS versions prior to 9.13.0.0 contains an improper restriction of excessive authentication attempts vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access. | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2026-22280 | Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting from 9.11.0.0 and prior to 9.13.0.0, contains an incorrect permission assignment for critical resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service. | 5.0 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H |
| CVE-2026-22279 | Dell PowerScale OneFS, versions prior 9.13.0.0, contains an insufficient logging vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information tampering. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
| CVE-2026-22281 | Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting from 9.11.0.0 and prior to 9.13.0.0, contains a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to denial of service. | 3.5 | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Corrección y productos afectados
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
| CVE-2026-22278, CVE-2026-22280, CVE-2026-22279, CVE-2026-22281 | PowerScale OneFS | Versions prior to 9.13.0.0 | Version 9.13.0.0 or later | PowerScale OneFS Downloads Area |
| CVE-2026-22280, CVE-2026-22281 | PowerScale OneFS | Versions 9.5.0.0 through 9.5.1.5 | Version 9.5.1.6 or later | PowerScale OneFS Downloads Area |
| CVE-2026-22280, CVE-2026-22281 | PowerScale OneFS | Versions 9.6.0.0 through 9.7.1.10 | Version 9.7.1.11 or later | PowerScale OneFS Downloads Area |
| CVE-2026-22280, CVE-2026-22281 | PowerScale OneFS | Versions 9.8.0.0 through 9.10.1.3 | Version 9.10.1.4 or later | PowerScale OneFS Downloads Area |
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
| CVE-2026-22278, CVE-2026-22280, CVE-2026-22279, CVE-2026-22281 | PowerScale OneFS | Versions prior to 9.13.0.0 | Version 9.13.0.0 or later | PowerScale OneFS Downloads Area |
| CVE-2026-22280, CVE-2026-22281 | PowerScale OneFS | Versions 9.5.0.0 through 9.5.1.5 | Version 9.5.1.6 or later | PowerScale OneFS Downloads Area |
| CVE-2026-22280, CVE-2026-22281 | PowerScale OneFS | Versions 9.6.0.0 through 9.7.1.10 | Version 9.7.1.11 or later | PowerScale OneFS Downloads Area |
| CVE-2026-22280, CVE-2026-22281 | PowerScale OneFS | Versions 9.8.0.0 through 9.10.1.3 | Version 9.10.1.4 or later | PowerScale OneFS Downloads Area |
Soluciones alternativas y mitigaciones
None
Historial de revisiones
| Revision | Date | Description |
| 1.0 | 2026-01-15 | Initial Release |
Información relacionada
Descargo de responsabilidad
Productos afectados
PowerScale OneFSPropiedades del artículo
Número del artículo: 000415586
Tipo de artículo: Dell Security Advisory
Última modificación: 15 ene 2026
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.