CVE-2026-21423

6.7 MEDIUM

📋 TL;DR

Dell PowerScale OneFS has an incorrect default permissions vulnerability that allows high-privileged local attackers to execute arbitrary code, cause denial of service, escalate privileges, or access sensitive information. This affects Dell PowerScale OneFS versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1.

💻 Affected Systems

Products:
  • Dell PowerScale OneFS
Versions: prior to 9.10.1.6, and 9.11.0.0 through 9.12.0.1
Operating Systems: OneFS (Dell's proprietary scale-out NAS operating system)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with high-privileged local users; requires attacker to already have elevated local access

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with root-level code execution, data exfiltration, and persistent backdoor installation

🟠 Likely Case: Privilege escalation from a high-privileged user to root, enabling unauthorized access to sensitive data and system manipulation

🟢 If Mitigated: Limited impact, because strict access controls, network segmentation, and monitoring prevent a local attacker from gaining access

🌐 Internet-Facing: LOW - Requires local access to the system, not directly exploitable over network
🏢 Internal Only: HIGH - High-privileged insiders or compromised accounts with local access can exploit this vulnerability

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Once local high-privileged access is obtained, exploitation is straightforward

Exploitation requires existing high-privileged local access; no public exploit code available at this time

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.10.1.6 or later for 9.10.x branch; 9.12.0.2 or later for 9.11.x/9.12.x branches

Vendor Advisory: https://www.dell.com/support/kbdoc/en-sg/000432452/dsa-2026-038-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities

Restart Required: Yes

Instructions:

1. Download the appropriate patch from Dell Support.
2. Apply the patch following Dell's OneFS update procedures.
3. Reboot the system as required.
4. Verify the update was successful.

🔧 Temporary Workarounds

Restrict Local Access

Limit local access to essential administrative users only and implement strict access controls.

# Review and restrict local user accounts
isi auth users list
isi auth groups list
# Remove unnecessary high-privileged accounts

Implement Least Privilege

Ensure all users operate with the minimum necessary privileges and monitor privileged account usage.

# Review privilege assignments
isi auth roles list
isi auth privileges list
# Audit privilege assignments regularly

🧯 If You Can't Patch

  • Implement strict access controls to limit who has high-privileged local access to the system
  • Enable comprehensive logging and monitoring of all privileged account activity and file permission changes

🔍 How to Verify

Check if Vulnerable:

Check the OneFS version with the 'isi version' command and compare it against the affected ranges (prior to 9.10.1.6, and 9.11.0.0 through 9.12.0.1).

Check Version:

isi version

Verify Fix Applied:

Run 'isi version' and confirm the version is 9.10.1.6 or later (for 9.10.x) or 9.12.0.2 or later (for 9.11.x/9.12.x).

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events
  • Unauthorized file permission changes
  • Suspicious local user activity from high-privileged accounts

Network Indicators:

  • N/A - Local-only vulnerability

SIEM Query:

source="OneFS" AND (event_type="privilege_escalation" OR event_type="permission_change" OR user="root" OR user="admin")
