CVE-2026-22281

3.5 LOW

📋 TL;DR

A Time-of-check Time-of-use (TOCTOU) race condition vulnerability in Dell PowerScale OneFS allows low-privileged attackers with adjacent network access to potentially cause denial of service. This affects multiple versions of Dell PowerScale OneFS storage systems. Attackers need to be on the same network segment as the vulnerable system.

💻 Affected Systems

Products:
  • Dell PowerScale OneFS
Versions: 9.5.0.0 through 9.5.1.5, 9.6.0.0 through 9.7.1.10, 9.8.0.0 through 9.10.1.3, 9.11.0.0 through 9.12.x.x (prior to 9.13.0.0)
Operating Systems: OneFS (Dell's proprietary storage OS)
Default Config Vulnerable: ⚠️ Yes
Notes: All systems running affected versions are vulnerable by default. Requires adjacent network access to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system unavailability or crash of the PowerScale OneFS storage system, disrupting all storage services and data access.

🟠 Likely Case

Partial service disruption or performance degradation affecting specific storage operations or nodes.

🟢 If Mitigated

Minimal impact if network segmentation prevents adjacent access and proper monitoring detects anomalous activity.

🌐 Internet-Facing: LOW - Requires adjacent network access, not directly internet exploitable.
🏢 Internal Only: MEDIUM - Internal attackers with network access could disrupt critical storage infrastructure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires low-privileged credentials and adjacent network access. TOCTOU race conditions typically require precise timing and multiple attempts.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to OneFS 9.5.1.6+, 9.7.1.11+, 9.10.1.4+, or 9.13.0.0+ as appropriate for your version stream

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000415586/dsa-2026-049-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities

Restart Required: Yes

Instructions:

1. Review Dell advisory DSA-2026-049.
2. Download the appropriate OneFS update from Dell Support.
3. Apply the update following Dell's OneFS upgrade procedures.
4. Reboot the system as required by the update.

🔧 Temporary Workarounds

Network Segmentation

all

  • Restrict access to PowerScale management interfaces to trusted administrative networks only
  • Configure network ACLs/firewalls to limit access to PowerScale nodes to authorized IP ranges only

Privilege Reduction

all

  • Minimize low-privileged user accounts with access to PowerScale systems
  • Review and remove unnecessary user accounts with access to PowerScale management interfaces

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate PowerScale systems from non-administrative networks
  • Increase monitoring for anomalous access patterns or denial of service attempts against PowerScale systems

🔍 How to Verify

Check if Vulnerable:

Check the OneFS version via the CLI ('isi version') or in the web UI under Cluster Management > General Setup

Check Version:

isi version

Verify Fix Applied:

Verify that the installed version is a patched release: 9.5.1.6+, 9.7.1.11+, 9.10.1.4+, or 9.13.0.0+
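The version check above is easy to get wrong by hand because the affected ranges span several release streams and components like 9.10 sort after 9.9 only when compared numerically. The following added example (not from Dell or the advisory) encodes the ranges listed on this page and classifies the version found in `isi version` output; the sample banner lines are constructed and the real command output may differ in layout.

```python
"""Classify a Dell PowerScale OneFS version against the CVE-2026-22281 ranges
listed in the advisory summary (added example, not vendor code)."""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int, int]

# Affected ranges from the advisory: lower bound inclusive, upper bound
# exclusive. In every stream the upper bound is also the first fixed release.
AFFECTED_RANGES = [
    ((9, 5, 0, 0), (9, 5, 1, 6)),    # 9.5.0.0 through 9.5.1.5
    ((9, 6, 0, 0), (9, 7, 1, 11)),   # 9.6.0.0 through 9.7.1.10
    ((9, 8, 0, 0), (9, 10, 1, 4)),   # 9.8.0.0 through 9.10.1.3
    ((9, 11, 0, 0), (9, 13, 0, 0)),  # 9.11.0.0 through 9.12.x.x
]

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Extract the first dotted four-part version from `isi version` output.
    Integer tuples compare numerically, so 9.10.x sorts after 9.9.x; a plain
    string comparison would rank them the other way round."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no OneFS version found in: {text!r}")
    a, b, c, d = (int(p) for p in m.groups())
    return (a, b, c, d)


def fmt(v: Version) -> str:
    return ".".join(str(p) for p in v)


def check(text: str) -> Tuple[bool, Optional[str]]:
    """Return (affected, first_fixed_release). The fixed release is None when
    the version lies outside every listed range (patched or not listed)."""
    v = parse_version(text)
    for lower, fixed in AFFECTED_RANGES:
        if lower <= v < fixed:
            return True, fmt(fixed)
    return False, None


if __name__ == "__main__":
    # Constructed sample banner lines; real `isi version` output may differ.
    for line in ["Isilon OneFS v9.10.1.3 B_9_10_1_3(RELEASE)",
                 "Isilon OneFS v9.10.1.4 B_9_10_1_4(RELEASE)",
                 "Isilon OneFS v9.12.0.0 B_9_12_0_0(RELEASE)"]:
        affected, fixed = check(line)
        status = f"AFFECTED, update to {fixed}" if affected else "not affected"
        print(fmt(parse_version(line)), status)
```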

📡 Detection & Monitoring

Log Indicators:

  • Multiple rapid authentication attempts from the same source
  • Unexpected process crashes or restarts in OneFS logs
  • Access pattern anomalies in audit logs

Network Indicators:

  • Unusual traffic spikes to PowerScale management interfaces
  • Multiple connection attempts from non-administrative networks

SIEM Query:

source="powerscale*" AND (event_type="authentication_failure" OR event_type="service_crash") | stats count by src_ip
