{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21421", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2025-12-24T16:33:47.095Z", "datePublished": "2026-03-04T12:47:05.944Z", "dateUpdated": "2026-03-05T04:55:32.170Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PowerScale OneFS", "vendor": "Dell", "versions": [{"lessThan": "9.10.1.6 or later", "status": "affected", "version": "prior to 9.10.1.6", "versionType": "semver"}, {"lessThan": "9.13.0.0 or later", "status": "affected", "version": "9.11.0.0 through 9.12.0.1", "versionType": "semver"}]}], "datePublic": "2026-02-24T18:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.<br>"}], "value": "Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-250", "description": "CWE-250: Execution with Unnecessary Privileges", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-03-04T12:47:27.541Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-sg/000432452/dsa-2026-038-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-04T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-21421"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T04:55:32.170Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21421", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-04T14:13:41.258225Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T14:13:48.875Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "PowerScale OneFS", "versions": [{"status": "affected", "version": "prior to 9.10.1.6", "lessThan": "9.10.1.6 or later", "versionType": "semver"}, {"status": "affected", "version": "9.11.0.0 through 9.12.0.1", "lessThan": "9.13.0.0 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2026-02-24T18:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-sg/000432452/dsa-2026-038-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.", "supportingMedia": [{"type": "text/html", "value": "Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-250", "description": "CWE-250: Execution with Unnecessary Privileges"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-03-04T12:47:27.541Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21421", "state": "PUBLISHED", "dateUpdated": "2026-03-04T14:13:56.352Z", "dateReserved": "2025-12-24T16:33:47.095Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2026-03-04T12:47:05.944Z", "assignerShortName": "dell"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "C542DE7A-D4BD-4127-A14F-6A1D151A40F6", "versionEndExcluding": "9.10.1.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "23042111-E6E9-4C6B-8A89-2E7E3F44103F", "versionEndExcluding": "9.13.0.0", "versionStartIncluding": "9.11.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges."}], "id": "CVE-2026-21421", "lastModified": "2026-03-04T20:55:46.197", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2026-03-04T13:15:56.960", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-sg/000432452/dsa-2026-038-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-250"}], "source": "security_alert@emc.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,9.10.1.6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[9.11.0.0,9.12.0.1]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "PowerScale OneFS", "source": "cna", "vendor": "Dell"}, "product": "powerscale_onefs", "vendor": "dell"}], "analysis": {"en": {"generated_at": "2026-04-16T13:36:39.291063+00:00", "value": {"mitigation_remediation": ["Apply the latest Dell PowerScale OneFS release (9.10.1.6 or newer) that resolves the unnecessary\u2011privilege execution flaw.", "Restrict local administrator accounts by enforcing least\u2011privilege policies and reducing the number of users with extensive local rights.", "Configure auditing and monitoring to detect anomalous high\u2011privilege activity, ensuring that any unauthorized escalation attempts are promptly investigated."], "summary": {"action": "Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Parts of the Dell PowerScale OneFS family are affected. All releases before 9.10.1.6, as well as the 9.11.0.0 through 9.12.0.1 series, fall within the vulnerable range. Organizations using any of these product versions should verify the exact build and plan remediation accordingly.", "description_and_impact": "Dell PowerScale OneFS contains an execution with unnecessary privileges vulnerability that allows a high\u2011privileged local attacker to gain additional privileges, effectively elevating their rights on the system. The flaw is tied to CWE\u2011250, indicating that the operating environment does not properly restrict the execution context of privileged code. As a result, an attacker who already has local access with sufficient permissions can execute operations with higher authority, potentially compromising data confidentiality, integrity, and system control.", "risk_and_exploitability": "The CVSS base score of 6.7 reflects a moderate severity risk. The EPSS score of less than 1% suggests that exploitation is currently unlikely but still present. The vulnerability is not listed in the CISA KEV catalog, meaning there is no confirmed widespread exploitation yet. The attack vector is local and requires an attacker to already possess some level of access to the system; once that precondition is met, the privilege escalation can be achieved without additional network exposure."}}}}, "created": "2026-03-04T21:03:34.845200+00:00", "title": "Local Privilege Escalation via Execution with Unnecessary Privileges in Dell PowerScale OneFS", "updated": "2026-04-16T13:45:21.948831+00:00", "vendors": ["dell", "dell$PRODUCT$powerscale_onefs"]}