{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21424", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2025-12-24T16:33:47.095Z", "datePublished": "2026-03-04T12:52:18.875Z", "dateUpdated": "2026-03-05T04:55:30.657Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PowerScale OneFS", "vendor": "Dell", "versions": [{"lessThan": "9.10.1.6 or later", "status": "affected", "version": "prior to 9.10.1.6", "versionType": "semver"}, {"lessThan": "9.13.0.0 or later", "status": "affected", "version": "9.11.0.0 through 9.12.0.1", "versionType": "semver"}]}], "datePublic": "2026-02-24T18:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.<br>"}], "value": "Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-250", "description": "CWE-250: Execution with Unnecessary Privileges", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-03-04T12:52:18.875Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-sg/000432452/dsa-2026-038-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-04T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-21424"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T04:55:30.657Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21424", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-04T14:11:04.926308Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T14:11:12.844Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "PowerScale OneFS", "versions": [{"status": "affected", "version": "prior to 9.10.1.6", "lessThan": "9.10.1.6 or later", "versionType": "semver"}, {"status": "affected", "version": "9.11.0.0 through 9.12.0.1", "lessThan": "9.13.0.0 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2026-02-24T18:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-sg/000432452/dsa-2026-038-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.", "supportingMedia": [{"type": "text/html", "value": "Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-250", "description": "CWE-250: Execution with Unnecessary Privileges"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-03-04T12:52:18.875Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21424", "state": "PUBLISHED", "dateUpdated": "2026-03-05T04:55:30.657Z", "dateReserved": "2025-12-24T16:33:47.095Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2026-03-04T12:52:18.875Z", "assignerShortName": "dell"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "C542DE7A-D4BD-4127-A14F-6A1D151A40F6", "versionEndExcluding": "9.10.1.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "23042111-E6E9-4C6B-8A89-2E7E3F44103F", "versionEndExcluding": "9.13.0.0", "versionStartIncluding": "9.11.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges."}], "id": "CVE-2026-21424", "lastModified": "2026-03-04T20:48:30.273", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2026-03-04T13:15:57.470", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-sg/000432452/dsa-2026-038-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-250"}], "source": "security_alert@emc.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,9.10.1.6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[9.11.0.0,9.12.0.1]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "PowerScale OneFS", "source": "cna", "vendor": "Dell"}, "product": "powerscale_onefs", "vendor": "dell"}], "analysis": {"en": {"generated_at": "2026-04-16T13:35:49.137006+00:00", "value": {"mitigation_remediation": ["Apply the Dell PowerScale OneFS firmware update that addresses the unnecessary privilege execution issue, as detailed in Dell\u2019s security advisory (000432452).", "Reboot the OneFS node after the update to ensure the firmware changes take effect.", "Review local account permissions and remove or reduce any unnecessary high privileged accounts, following Dell's least\u2011privilege guidance."], "summary": {"action": "Immediate Patch", "impact": "Elevation of Privileges"}, "threat_synthesis": {"affected_systems": "Affected product is Dell PowerScale OneFS. Versions lacking the fix include all releases prior to 9.10.1.6, and versions in the 9.11.0.0 through 9.12.0.1 range. These installations remain susceptible until updated to the patched firmware.", "description_and_impact": "Data indicates that the vulnerability involves execution with unnecessary privileges, allowing a local attacker who already holds high privileged access to elevate their rights further. This flaw aligns with CWE\u2011250, permitting the attacker to gain unauthorized administrative capabilities that can compromise system integrity or enable the execution of arbitrary commands on Dell PowerScale OneFS devices.", "risk_and_exploitability": "The CVSS score of 6.7 denotes a moderate severity, while an EPSS score under 1% suggests exploitation is unlikely but not impossible. The vulnerability is not listed as a known exploited vulnerability by CISA, and the attack requires local high privileged access, meaning it is not remotely exploitable. Nevertheless, local users with high privileges should obtain the patch promptly to prevent privilege escalation."}}}}, "created": "2026-03-04T21:03:34.032633+00:00", "title": "Unnecessary Privilege Execution Elevates Local User Access in Dell PowerScale OneFS", "updated": "2026-04-16T13:45:21.946305+00:00", "vendors": ["dell", "dell$PRODUCT$powerscale_onefs"]}