CVE-2026-22270
📋 TL;DR
Dell PowerScale OneFS contains an uncontrolled search path vulnerability. A high-privileged local attacker who can influence the search path can cause a privileged OneFS component to find and execute a file of the attacker's choosing instead of the intended one, giving arbitrary code execution. Affected versions are those prior to 9.10.1.6, and 9.11.0.0 through 9.12.0.1. Successful exploitation could yield elevated privileges, denial of service, or access to sensitive information.
💻 Affected Systems
- Dell PowerScale OneFS
⚠️ Risk & Real-World Impact
Worst Case
A high-privileged attacker with local access could achieve full system compromise, including root-level code execution, complete data exfiltration, and persistent backdoor installation.
Likely Case
Privileged insiders or compromised administrative accounts could elevate privileges to root, access sensitive system files, or disrupt OneFS cluster operations.
If Mitigated
With proper access controls and monitoring, impact is limited to isolated systems with minimal data exposure and quick containment.
🎯 Exploit Status
Exploitation requires high-privileged local access and knowledge of the system's search path configuration. No public exploits have been reported.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 9.10.1.6 or later for 9.10.x branch; 9.12.0.2 or later for 9.11.x/9.12.x branches
Vendor Advisory: https://www.dell.com/support/kbdoc/en-sg/000432452/dsa-2026-038-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities
Restart Required: Yes
Instructions:
1. Download the appropriate patch from Dell Support.
2. Apply the patch following Dell's OneFS upgrade procedures.
3. Reboot the affected nodes as required by the update process.
4. Verify the update was successful.
🔧 Temporary Workarounds
Restrict Local Administrative Access
Limit the number of users with high-privileged local access to essential personnel only. Exploitation requires an already privileged local account, so every unnecessary administrative account is attack surface for this issue.
# Review and audit local user accounts with administrative privileges (OneFS RBAC roles).
# The two commands below are OneFS CLI commands as the editor knows them; confirm against the CLI reference for your release.
isi auth roles list
isi auth roles members list SystemAdmin
# Remove unnecessary administrative accounts
# Implement strict access controls for remaining admin accounts
Implement File Integrity Monitoring
Monitor critical system directories for unauthorized changes to detect potential exploitation attempts. Note that OneFS nodes run FreeBSD, not Linux, so Linux auditd is not available on the node itself; use OneFS's own configuration auditing (isi audit), forward node logs to your SIEM, or monitor the directories from an external file integrity monitoring tool.
# Enable OneFS configuration auditing (isi audit) or an equivalent external monitoring tool
# Set up alerts for changes to system PATH variables (shell profiles, service start-up scripts)
# Monitor /usr/local/bin, /usr/bin, and other directories on the search path for new or modified files
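A concrete check that complements the monitoring above: the conditions that make an uncontrolled search path exploitable are entries that are relative, empty, missing, or writable by someone other than root. The script below is an added example written for this page, not code from Dell or from the advisory; it audits any colon-separated path string (a shell's PATH, or the PATH= line copied out of a service start-up script) and relies only on POSIX sh, ls(1) and cut(1), so it runs unchanged on a FreeBSD-based OneFS node or on a workstation. The finding labels and the decision to flag sticky world-writable directories such as /tmp are the editor's choices.

```sh
#!/bin/sh
# Added example, not code from the Dell advisory: audit a colon-separated
# search path for entries that let someone who is not root decide which
# binary a privileged lookup finds. Needs only POSIX sh, ls(1) and cut(1);
# no OneFS-specific command is used, so it runs on any node or workstation.
#
# check_search_path PATHSTRING: prints one finding per line and returns 0
# only when nothing was flagged.
check_search_path() {
    csp_path="$1"
    csp_findings=0

    # A leading, trailing or doubled colon is an empty entry, which the
    # shell resolves as the current working directory.
    case ":$csp_path:" in
        *::*) echo "EMPTY: empty entry (searched as the current directory)"
              csp_findings=$((csp_findings + 1)) ;;
    esac

    # Split on ':' only (not on whitespace), with globbing off so an entry
    # such as '*' is not expanded into file names.
    csp_old_ifs="$IFS"; IFS=:
    set -f; set -- $csp_path; set +f
    IFS="$csp_old_ifs"

    for csp_entry in "$@"; do
        case "$csp_entry" in
            "") continue ;;                      # already reported above
            /*) ;;
            *)  echo "RELATIVE: $csp_entry (resolved from the current directory)"
                csp_findings=$((csp_findings + 1)); continue ;;
        esac
        if [ ! -d "$csp_entry" ]; then
            echo "MISSING: $csp_entry (whoever can create it controls this lookup)"
            csp_findings=$((csp_findings + 1)); continue
        fi
        # First 10 columns of ls -ldL: type, then rwx for user, group, other
        # (-L follows a symlinked entry so the target's mode is checked).
        # A sticky world-writable directory such as /tmp is still flagged:
        # anyone can create a new file there.
        csp_mode="$(ls -ldL "$csp_entry" | cut -c1-10)"
        case "$csp_mode" in
            ????????w?) echo "WORLD-WRITABLE: $csp_entry ($csp_mode)"
                        csp_findings=$((csp_findings + 1)) ;;
            ?????w????) echo "GROUP-WRITABLE: $csp_entry ($csp_mode)"
                        csp_findings=$((csp_findings + 1)) ;;
        esac
    done
    [ "$csp_findings" -eq 0 ]
}

# Stand-alone use: audit this shell's PATH, or the string given as $1
# (for example the PATH= line copied from a service start-up script).
check_search_path "${1:-$PATH}" || echo "review the findings above"
```

Run it as root on each node against the PATH actually used by privileged services, not just the interactive shell; a clean interactive PATH says nothing about what a daemon or cron job inherits.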
🧯 If You Can't Patch
- Implement strict least-privilege access controls for all local user accounts
- Deploy network segmentation to isolate PowerScale systems from general user networks
🔍 How to Verify
Check if Vulnerable:
Run the 'isi version' command on a node and compare the reported version against the affected ranges: anything prior to 9.10.1.6, and 9.11.0.0 through 9.12.0.1 inclusive. Also review which local accounts hold administrative privileges, since only those accounts are in a position to exploit this issue.
Check Version:
isi version
Verify Fix Applied:
Run 'isi version' to confirm version is 9.10.1.6 or higher for 9.10.x, or 9.12.0.2 or higher for 9.11.x/9.12.x branches.
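Because the fixed release differs by branch, comparing versions by eye across a large cluster estate is error-prone. The script below is an added example written for this page, not Dell's tooling: it encodes the advisory's two affected ranges and the two branch fixes as a version comparison that works for any dotted version string. The output format assumed by parse_isi_version ("Isilon OneFS vX.Y.Z.W ...") is the editor's assumption about what isi version prints and should be checked against a real node before relying on it.

```sh
#!/bin/sh
# Added example, not part of the Dell advisory: decide whether a OneFS
# version string falls inside the affected ranges for CVE-2026-22270 as the
# advisory lists them, and name the fixed release for that branch.
# Assumes a POSIX sh. The "Isilon OneFS v<version> ..." output format that
# parse_isi_version expects is an ASSUMPTION about isi version; adjust the
# sed pattern if your node prints something else.

# ver_cmp A B: prints -1, 0 or 1 as dotted version A is <, = or > B.
# Missing trailing components count as 0, so 9.10 equals 9.10.0.0.
ver_cmp() {
    vc_a="$1."; vc_b="$2."
    while [ -n "$vc_a" ] || [ -n "$vc_b" ]; do
        vc_x="${vc_a%%.*}"; vc_a="${vc_a#*.}"
        vc_y="${vc_b%%.*}"; vc_b="${vc_b#*.}"
        if [ "${vc_x:-0}" -lt "${vc_y:-0}" ]; then printf '%s\n' -1; return 0; fi
        if [ "${vc_x:-0}" -gt "${vc_y:-0}" ]; then printf '%s\n' 1; return 0; fi
    done
    printf '%s\n' 0
}

# onefs_affected VERSION: true (0) when VERSION is in an affected range:
#   anything before 9.10.1.6, or 9.11.0.0 through 9.12.0.1 inclusive.
onefs_affected() {
    if [ "$(ver_cmp "$1" 9.10.1.6)" -lt 0 ]; then return 0; fi
    if [ "$(ver_cmp "$1" 9.11.0.0)" -ge 0 ] && [ "$(ver_cmp "$1" 9.12.0.1)" -le 0 ]; then
        return 0
    fi
    return 1
}

# fixed_version_for VERSION: minimum fixed release for VERSION's branch
# (9.10.x and earlier go to 9.10.1.6; 9.11.x and 9.12.x go to 9.12.0.2).
fixed_version_for() {
    if [ "$(ver_cmp "$1" 9.11.0.0)" -lt 0 ]; then
        echo 9.10.1.6
    else
        echo 9.12.0.2
    fi
}

# parse_isi_version LINE: extract the dotted version from isi version output.
# ASSUMPTION: the line contains "OneFS v<version>" followed by a space.
parse_isi_version() {
    printf '%s\n' "$1" | sed -n 's/.*OneFS v\([0-9][0-9.]*\).*/\1/p'
}

# Stand-alone use on a node. isi exists only on OneFS, so this block is
# skipped when the script is run anywhere else.
if command -v isi >/dev/null 2>&1; then
    running="$(parse_isi_version "$(isi version)")"
    if [ -z "$running" ]; then
        echo "could not parse isi version output; check the sed pattern"
    elif onefs_affected "$running"; then
        echo "OneFS $running is affected by CVE-2026-22270; upgrade to $(fixed_version_for "$running") or later"
    else
        echo "OneFS $running is not in an affected range"
    fi
fi
```

Note the asymmetry the advisory creates: 9.10.1.6 and any later 9.10.x release are fixed, but a 9.11.x node has no 9.11 fix and must move to 9.12.0.2 or later.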
📡 Detection & Monitoring
Log Indicators:
- Unusual process execution from non-standard paths
- Changes to system PATH environment variables
- Unauthorized privilege escalation attempts
Network Indicators:
- Unusual outbound connections from PowerScale nodes
- Unexpected SSH or administrative access patterns
SIEM Query:
source="powerscale" AND (event_type="privilege_escalation" OR process_path="*/tmp/*" OR (user="root" AND (command="chmod" OR command="chown")))
Note: the parentheses matter. Written without them, AND binds tighter than OR in most SIEM query languages, so the trailing command="chown" clause would match for every user rather than only root.