How serious is CVE-2026-21422?

This vulnerability has a CVSS score of 6.7 out of 10, classified as MEDIUM severity. Proof-of-concept exploit code is publicly available, making this an active threat.

Is there exploit code available for CVE-2026-21422?

Yes, proof-of-concept exploit code for CVE-2026-21422 is publicly available on GitHub and security research platforms. This increases the risk of active exploitation.

Which products are affected by CVE-2026-21422?

CVE-2026-21422 affects dell powerscale onefs. Check the full CVE details for specific version information.

How do I fix CVE-2026-21422?

To remediate CVE-2026-21422, check for security patches from dell. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2026-21422

Medium

|6.7

Exploit Available

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability allows a highly privileged attacker with local access to bypass security protections on Dell PowerScale OneFS, potentially compromising the system's integrity. To exploit this issue, the attacker must already have elevated access to the system, making it a concern primarily for environments where local access is not well controlled.

Technical Description

Dell PowerScale OneFS, versions 9.10.0.0 through 9.10.1.5 and versions 9.11.0.0 through 9.12.0.1, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to protection mechanism bypass.

CVSS Vector Analysis

Attack VectorLocal

Attack ComplexityLow

Privileges RequiredHigh

User InteractionNone

Confidentiality ImpactHigh

Integrity ImpactHigh

Availability ImpactHigh

ScopeUnchanged

Vector String

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$966($500-$1K)

Vendor Response

Grade APatched in 0 days

Quick Information

Published

Mar 4, 2026

about 1 month ago

Last Modified

Mar 4, 2026

about 1 month ago

Vendor

dell

Product

powerscale onefs

Related Vulnerabilities

CVE-2026-25907High

An attacker can exploit a flaw in Dell PowerScale OneFS to lock out user accounts, causing a denial of service that prevents legitimate users from accessing the system. This requires the attacker to have remote access, but they do not need to be authenticated to take advantage of this vulnerability.

CVE-2026-22270Medium

This vulnerability allows a high-privileged attacker with local access to the Dell PowerScale OneFS system to potentially disrupt services, gain higher access rights, or access sensitive information. It affects specific versions of the software, so users running outdated versions are at risk.

CVE-2026-21426Medium

This vulnerability allows a high-privileged attacker with local access to the Dell PowerScale OneFS system to potentially cause a denial of service, gain higher privileges, or access sensitive information. It affects specific versions of the software, so systems running outdated versions are at risk.

CVE-2026-21425High

An attacker with low-level access to a Dell PowerScale OneFS system could exploit a flaw to gain higher privileges, allowing them to perform unauthorized actions. This vulnerability affects specific versions of the software, so it’s crucial to ensure you are running an updated version to protect against this risk.

CVE-2026-21424Medium

An attacker with local access to Dell PowerScale OneFS can exploit a flaw to gain higher privileges than intended, potentially allowing them to execute unauthorized actions on the system. This vulnerability affects specific versions of the software, so users should ensure they are running the latest updates to mitigate the risk.