{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22767", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2026-01-09T18:05:08.764Z", "datePublished": "2026-04-01T12:07:50.386Z", "dateUpdated": "2026-04-01T19:04:27.520Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-04-01T12:24:41.046Z"}, "datePublic": "2026-04-01T06:30:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-61", "description": "CWE-61: UNIX Symbolic Link (Symlink) Following", "type": "CWE"}]}], "affected": [{"vendor": "Dell", "product": "AppSync", "versions": [{"status": "affected", "version": "0", "lessThan": "4.6.1.0 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering."}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000446965/dsa-2026-163-security-update-for-dell-appsync-vulnerabilities", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H"}}], "credits": [{"lang": "en", "value": "Dell would like to thank falconCorrup for reporting this issue.", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T19:04:16.956356Z", "id": "CVE-2026-22767", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T19:04:27.520Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22767", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-01T19:04:16.956356Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T19:04:23.883Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Dell would like to thank falconCorrup for reporting this issue."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "AppSync", "versions": [{"status": "affected", "version": "0", "lessThan": "4.6.1.0 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2026-04-01T06:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000446965/dsa-2026-163-security-update-for-dell-appsync-vulnerabilities", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.", "supportingMedia": [{"type": "text/html", "value": "Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-61", "description": "CWE-61: UNIX Symbolic Link (Symlink) Following"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-04-01T12:24:41.046Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22767", "state": "PUBLISHED", "dateUpdated": "2026-04-01T19:04:27.520Z", "dateReserved": "2026-01-09T18:05:08.764Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2026-04-01T12:07:50.386Z", "assignerShortName": "dell"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:appsync:*:*:*:*:*:*:*:*", "matchCriteriaId": "27464B6B-D2A8-48ED-A83B-404A6870E6D6", "versionEndExcluding": "4.6.1.0", "versionStartIncluding": "4.6.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering."}], "id": "CVE-2026-22767", "lastModified": "2026-04-02T16:55:42.720", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.5, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2026-04-01T13:16:33.150", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000446965/dsa-2026-163-security-update-for-dell-appsync-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-61"}], "source": "security_alert@emc.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.6.1.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "AppSync", "source": "cna", "vendor": "Dell"}, "product": "appsync", "vendor": "dell"}], "analysis": {"en": {"generated_at": "2026-04-02T21:43:29.557676+00:00", "value": {"mitigation_remediation": ["Download and apply Dell DSA\u20112026\u2011163, the security update that addresses the symlink following vulnerability in AppSync\u00a04.6.0, from Dell\u2019s official support site.", "Confirm the patch has been applied by verifying the AppSync version and patch metadata."], "summary": {"action": "Patch ASAP", "impact": "Information tampering via local file modification"}, "threat_synthesis": {"affected_systems": "The flaw affects Dell AppSync version\u00a04.6.0. The impact applies to installations of the Dell AppSync product on Unix\u2011based operating systems where the application runs with local user privileges.", "description_and_impact": "Dell AppSync 4.6.0 contains a Unix symbolic\u2011link following flaw that allows an attacker who has local, low\u2011privilege access to modify files that the application is allowed to write. Exploiting this vulnerability can lead to unauthorized information tampering, potentially compromising data integrity on the affected host.", "risk_and_exploitability": "The CVSS base score of\u00a07.3 indicates a moderate to high severity, and the EPSS score of less than\u00a01% suggests that exploitation is unlikely at present. The vulnerability requires local access and does not involve remote exploitation. It is not listed in the CISA KEV catalog, indicating no known widespread active exploitation at this time. The flaw remains significant for environments where the application is used in ways that allow local users to run AppSync or where file integrity is critical."}}}}, "created": "2026-04-02T07:49:18.421180+00:00", "updated": "2026-04-03T09:19:09.447814+00:00", "vendors": ["dell", "dell$PRODUCT$appsync"]}