Platform
dell
Component
dell-powerscale-onefs
Fixed in
9.10.1.7
9.13.0.1
CVE-2026-24511 affects Dell PowerScale OneFS, specifically versions 9.5.0.0 through 9.10.1.6 and 9.11.0.0 through 9.13.0.0. This vulnerability involves the generation of error messages that inadvertently contain sensitive information. An attacker with local access and high privileges could potentially exploit this flaw to disclose confidential data.
The primary impact of CVE-2026-24511 is information disclosure. A successful attacker, possessing local access and high privileges within the Dell PowerScale OneFS environment, can trigger the generation of error messages that reveal sensitive data. This data could include configuration details, internal system information, or potentially even user credentials. While the vulnerability requires local access, the potential for data exfiltration poses a significant risk to the confidentiality of the system and its data. The blast radius is limited to the information contained within the error messages, but the sensitivity of that information can vary.
CVE-2026-24511 was published on 2026-04-08 with a CVSS score of 4.4 (MEDIUM). It is not currently listed on KEV or EPSS, suggesting a low to medium probability of exploitation. No public proof-of-concept exploits are currently known. Monitor security advisories and threat intelligence feeds for any updates regarding exploitation attempts.
Organizations heavily reliant on Dell PowerScale OneFS for data storage and management are at risk, particularly those with legacy configurations or a large number of users with elevated privileges. Environments with limited security monitoring and incident response capabilities are also more vulnerable.
• linux / server:
journalctl -u onesfs | grep -i "sensitive information"
• generic web:
curl -I <onesfs_url> | grep -i "sensitive information"
Exploit status
EPSS
0.01% (0% percentile)
The recommended mitigation for CVE-2026-24511 is to upgrade Dell PowerScale OneFS to version 9.10.1.7 or later, or to version 9.13.0.1 or later; both releases include the fix. If immediate upgrading is not possible, restrict local access to the system to authorized personnel only. Monitor and audit system logs to detect suspicious activity related to error message generation. Consider network segmentation to limit the potential impact of a successful exploit. After upgrading, verify the fix by attempting to trigger the vulnerable error message and confirming that sensitive information is no longer disclosed.
Upgrade Dell PowerScale OneFS to version 9.10.1.7 or later, or to version 9.13.0.1 or later, to mitigate the information disclosure vulnerability. See security advisory DSA-2026-125 on the Dell support website for detailed instructions on applying the update.
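The two affected ranges sit on separate release trains, so a plain "at least 9.10.1.7" comparison would pass 9.11.0.0 through 9.13.0.0 as fixed. The following is an added example, not code from Dell or from this page, that classifies OneFS version strings against the ranges and fixed releases listed here; the cluster names in the sample inventory are constructed, and zero-padding short version strings is an assumption.

```python
"""Added example: classify OneFS versions against the ranges this page lists."""

# Inclusive affected ranges and their fixed releases, as stated on this page.
AFFECTED = [
    ((9, 5, 0, 0), (9, 10, 1, 6), "9.10.1.7"),
    ((9, 11, 0, 0), (9, 13, 0, 0), "9.13.0.1"),
]


def parse_version(text):
    """Turn '9.10.1.6' into (9, 10, 1, 6); short forms are zero-padded (assumption)."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a OneFS version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))


def fix_for(version):
    """Return the fixed release for an affected version, or None if unaffected."""
    v = parse_version(version)
    # Tuple comparison is numeric per field, so 9.10 sorts after 9.5
    # (a plain string comparison would get this wrong).
    for low, high, fixed in AFFECTED:
        if low <= v <= high:
            return fixed
    return None


def triage(inventory):
    """Map cluster name -> required fixed release, for affected clusters only."""
    result = {}
    for name, version in inventory.items():
        fixed = fix_for(version)
        if fixed is not None:
            result[name] = fixed
    return result


if __name__ == "__main__":
    # Constructed inventory; the cluster names are hypothetical.
    sample = {"nas-a": "9.10.1.6", "nas-b": "9.10.1.7",
              "nas-c": "9.12.0.0", "nas-d": "9.4.0.18"}
    for name, fixed in triage(sample).items():
        print(f"{name}: affected, upgrade to {fixed} or later")
```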
CVE-2026-24511 is a medium-severity vulnerability in Dell PowerScale OneFS allowing a local attacker to trigger error messages revealing sensitive information.
You are affected if you are running Dell PowerScale OneFS versions 9.5.0.0–9.10.1.6 or 9.11.0.0–9.13.0.0.
Upgrade to Dell PowerScale OneFS version 9.10.1.7 or later, or to version 9.13.0.1 or later, to resolve this information disclosure vulnerability.
As of the current disclosure date, there are no confirmed reports of active exploitation of CVE-2026-24511.
Refer to the official Dell Security Advisory for detailed information and updates regarding CVE-2026-24511.