DSA-2026-038: Security Update for Dell PowerScale OneFS Multiple Vulnerabilities

Samenvatting: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Dit artikel is van toepassing op Dit artikel is niet van toepassing op Dit artikel is niet gebonden aan een specifiek product. Niet alle productversies worden in dit artikel vermeld.
Bekijk andere hulpbronnen

Impact

Medium

Gegevens

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2026-21421 Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges. 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-22270 Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an uncontrolled search path element vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, elevation of privileges, and information disclosure. 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-21423 Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect default permissions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to code execution, denial of service, elevation of privileges, and information disclosure. 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-21424 Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-21425 Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-21426 Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, elevation of privileges, and information disclosure. 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-21422 Dell PowerScale OneFS, versions 9.10.0.0 through 9.10.1.5 and versions 9.11.0.0 through 9.12.0.1, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to protection mechanism bypass. 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2026-21421 Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges. 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-22270 Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an uncontrolled search path element vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, elevation of privileges, and information disclosure. 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-21423 Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect default permissions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to code execution, denial of service, elevation of privileges, and information disclosure. 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-21424 Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-21425 Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-21426 Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, elevation of privileges, and information disclosure. 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-21422 Dell PowerScale OneFS, versions 9.10.0.0 through 9.10.1.5 and versions 9.11.0.0 through 9.12.0.1, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to protection mechanism bypass. 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies raadt aan dat alle klanten rekening houden met zowel de basisscore van CVSS als alle relevante tijdelijke en omgevingsscores die gevolgen kunnen hebben voor de mogelijke ernst van de specifieke beveiligingsproblemen.

Getroffen producten en herstel

CVEs Addressed Product Affected Versions Remediated Versions Link
CVE-2026-21421, CVE-2026-22270, CVE-2026-21423, CVE-2026-21424, CVE-2026-21425, CVE-2026-21426 PowerScale OneFS Versions prior to 9.10.1.6 Version 9.10.1.6 or later PowerScale OneFS Downloads Area
CVE-2026-21421, CVE-2026-22270, CVE-2026-21423, CVE-2026-21424, CVE-2026-21425, CVE-2026-21426, CVE-2026-21422 PowerScale OneFS Versions 9.11.0.0 through 9.12.0.1 Version 9.13.0.0 or later PowerScale OneFS Downloads Area
CVE-2026-21422 PowerScale OneFS Version 9.10.0.0 through 9.10.1.5 Version 9.10.1.6 or later PowerScale OneFS Downloads Area

 

CVEs Addressed Product Affected Versions Remediated Versions Link
CVE-2026-21421, CVE-2026-22270, CVE-2026-21423, CVE-2026-21424, CVE-2026-21425, CVE-2026-21426 PowerScale OneFS Versions prior to 9.10.1.6 Version 9.10.1.6 or later PowerScale OneFS Downloads Area
CVE-2026-21421, CVE-2026-22270, CVE-2026-21423, CVE-2026-21424, CVE-2026-21425, CVE-2026-21426, CVE-2026-21422 PowerScale OneFS Versions 9.11.0.0 through 9.12.0.1 Version 9.13.0.0 or later PowerScale OneFS Downloads Area
CVE-2026-21422 PowerScale OneFS Version 9.10.0.0 through 9.10.1.5 Version 9.10.1.6 or later PowerScale OneFS Downloads Area

 

Notes

  1. We encourage all customers to adopt the Long-Term Support (LTS) 2025 version which is 9.10.1.x code line, with the latest maintenance release.
  2. For more information on LTS code lines, see Dell Infrastructure Solutions Group (ISG) LTS Release Support Customer Summary and Security Update Release Schedule for Supported Versions of Dell PowerScale OneFS.

Tijdelijke oplossingen en risicobeperking

CVE ID Workaround and Mitigations
CVE‑2026‑21422
Mitigation for customers with a fresh installation of PowerScale OneFS versions 9.10.1.6, 9.13.0.0 and 9.13.0.1:
 
When PowerScale OneFS is installed fresh, the first run of the security checker can overwrite any custom SSH configuration and revert it to the defaults. Therefore, customers should execute following command before making any SSH customizations on the appliance:

isi security check start

Please ensure the security check completes using following command:

isi security check status

 

Revisiegeschiedenis

RevisionDateDescription
1.02026-02-25Initial Release

 

Verwante informatie

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Juridische verklaring van afstand

Getroffen producten

PowerScale OneFS
Artikeleigenschappen
Artikelnummer: 000432452
Artikeltype: Dell Security Advisory
Laatst aangepast: 25 feb. 2026
Vind antwoorden op uw vragen via andere Dell gebruikers
Support Services
Controleer of uw apparaat wordt gedekt door Support Services.