CVE-2026-21425
📋 TL;DR
Dell PowerScale OneFS contains an incorrect privilege assignment vulnerability that allows local low-privileged attackers to elevate their privileges. This affects versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1. Organizations using vulnerable versions of Dell PowerScale OneFS storage systems are at risk.
💻 Affected Systems
- Dell PowerScale OneFS
📦 What is this software?
Dell PowerScale OneFS is the operating system that runs Dell's PowerScale (formerly Isilon) scale-out network-attached storage clusters.
⚠️ Risk & Real-World Impact
Worst Case
An attacker with initial low-privileged access could gain full administrative control over the PowerScale OneFS system, potentially compromising all stored data and system functionality.
Likely Case
Malicious insiders or attackers who have gained initial foothold could escalate privileges to access sensitive data, modify configurations, or disrupt storage operations.
If Mitigated
With proper network segmentation, strict access controls, and monitoring, impact is limited to isolated storage segments with minimal data exposure.
🎯 Exploit Status
Exploitation requires local access with some level of initial privileges. No public exploit code has been identified at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to OneFS 9.10.1.6 or later, or 9.12.0.2 or later for affected 9.11.x/9.12.x versions
Vendor Advisory: https://www.dell.com/support/kbdoc/en-sg/000432452/dsa-2026-038-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities
Restart Required: Yes
Instructions:
1. Review Dell advisory DSA-2026-038.
2. Back up system configurations and data.
3. Apply the appropriate OneFS update via the PowerScale web interface or CLI.
4. Reboot the system as required.
5. Verify the update was successful.
🔧 Temporary Workarounds
Restrict Local Access
Limit local system access to only authorized administrators through strict access controls and network segmentation.
Implement Least Privilege
Ensure all user accounts operate with the minimum necessary privileges to reduce impact if credentials are compromised.
🧯 If You Can't Patch
- Isolate PowerScale systems from general network access using strict firewall rules and network segmentation.
- Implement enhanced monitoring and logging for privilege escalation attempts and unusual administrative activities.
🔍 How to Verify
Check if Vulnerable:
Check the OneFS version via the web interface or the CLI command 'isi version'. Compare against the affected versions: earlier than 9.10.1.6, or 9.11.0.0 through 9.12.0.1 inclusive.
Check Version:
isi version
Verify Fix Applied:
After patching, verify the version is 9.10.1.6 or higher, or 9.12.0.2 or higher for 9.11.x/9.12.x systems.
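The version comparison above is easy to get wrong by hand (9.10.2.0 is not affected, while 9.11.0.0 is). This added example, not part of the advisory or a Dell tool, parses the version number out of 'isi version' output and tests it against the two affected ranges; the banner text is constructed and the exact 'isi version' output format is an assumption, so the parser only relies on a dotted version such as 9.12.0.1 being present.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int, int]

# Affected ranges from the advisory summary, as half-open [low, high) bounds:
# everything before 9.10.1.6, and 9.11.0.0 through 9.12.0.1 (fixed in 9.12.0.2).
# Versions from 9.10.1.6 up to (but not including) 9.11.0.0 are not listed as affected.
AFFECTED_RANGES = [
    ((0, 0, 0, 0), (9, 10, 1, 6)),
    ((9, 11, 0, 0), (9, 12, 0, 2)),
]


def parse_version(text: str) -> Optional[Version]:
    """Return the first dotted version in 'isi version' output as a 4-tuple.

    Assumption: the version appears as a dotted number (optionally prefixed
    with 'v'), e.g. 'OneFS v9.12.0.1'. Shorter numbers are zero-padded.
    """
    m = re.search(r"(?<![\w.])v?(\d+(?:\.\d+){1,3})(?![\w.])", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (4 - len(parts))
    return (parts[0], parts[1], parts[2], parts[3])


def is_vulnerable(version: Version) -> bool:
    """True if the version falls inside any affected range."""
    return any(lo <= version < hi for lo, hi in AFFECTED_RANGES)


def assess(isi_output: str) -> str:
    """Human-readable verdict for one node's 'isi version' output."""
    v = parse_version(isi_output)
    if v is None:
        return "unknown: no OneFS version found in output"
    label = ".".join(str(x) for x in v)
    return f"{label}: {'VULNERABLE' if is_vulnerable(v) else 'fixed / not affected'}"


if __name__ == "__main__":
    # Constructed sample banners; real output will differ in the trailing fields.
    for banner in ("Isilon OneFS v9.12.0.1 B_9_12_0_001(RELEASE)",
                   "Isilon OneFS v9.10.1.6 B_9_10_1_006(RELEASE)",
                   "Isilon OneFS v9.10.2.0 B_9_10_2_000(RELEASE)"):
        print(assess(banner))
```

Run it against the output collected from every node, since a cluster in the middle of a rolling upgrade can report mixed versions.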
📡 Detection & Monitoring
Log Indicators:
- Unusual privilege escalation events
- Multiple failed privilege change attempts followed by success
- Administrative actions from non-admin accounts
Network Indicators:
- Unexpected administrative access patterns to PowerScale management interfaces
SIEM Query:
source="powerscale" AND (event_type="privilege_escalation" OR user_change="admin")