DSA-2026-163: Security Update for Dell AppSync Vulnerabilities

Summary: Dell AppSync remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Ця стаття стосується Ця стаття не стосується Ця стаття не стосується якогось конкретного продукту. У цій статті зазначено не всі версії продукту.
Ознайомтеся з іншими ресурсами

Impact

High

Details

Third-party Component CVEs More Information
KEYCLOAK CVE-2022-4137 https://nvd.nist.gov/vuln/search This hyperlink is taking you to a website outside of Dell Technologies. 

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2026-22767 Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering. 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-22768 Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2026-22767 Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering. 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-22768 Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Продукти й засоби виправлення, яких це стосується

Product Affected Versions Remediated Versions Link
Dell AppSync Versions prior to 4.6.1.0 Version 4.6.1.0 or later https://www.dell.com/support/home/product-support/product/appsync/drivers

 

Product Affected Versions Remediated Versions Link
Dell AppSync Versions prior to 4.6.1.0 Version 4.6.1.0 or later https://www.dell.com/support/home/product-support/product/appsync/drivers

 

Revision History

Revision DateDescription
1.02026-04-01Initial Release
2.02026-04-08Updated Affected versions

 

Acknowledgements

CVE-2026-22768: Dell would like to thank Marius Gabriel Mihai for reporting this issue. 

CVE-2026-22767: Dell would like to thank falconCorrup for reporting this issue.  

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Заява про відмову від відповідальності

Продукти, яких це стосується

AppSync, AppSync
Властивості статті
Article Number: 000446965
Article Type: Dell Security Advisory
Востаннє змінено: 07 квіт. 2026
Отримайте відповіді на свої запитання від інших користувачів Dell
Служба підтримки
Перевірте, чи послуги служби підтримки поширюються на ваш пристрій.