Platform: dell
Component: dell-powerscale-onefs
Fixed in: 9.13.0.2
CVE-2026-27102 describes an incorrect privilege assignment vulnerability found in Dell PowerScale OneFS. Successful exploitation could allow a low-privileged attacker with local access to elevate their privileges within the system. This vulnerability affects versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.1. A patch is available in version 9.10.1.7 or later.
Successful exploitation of CVE-2026-27102 could grant an attacker unauthorized access to sensitive data and system resources within the PowerScale OneFS environment. A low-privileged user could gain administrative privileges, allowing them to modify configurations, access restricted files, and potentially disrupt storage operations. The blast radius extends to any data stored on the affected OneFS cluster, and the attacker could leverage elevated privileges for lateral movement within the network if other systems are accessible from the OneFS server. This vulnerability highlights the importance of least privilege principles and robust access controls within storage infrastructure.
CVE-2026-27102 was published on April 8, 2026. Severity is currently assessed as Medium (CVSS 6.6). Public exploits are not currently known, and there is no indication of active campaigns targeting this vulnerability. It is not listed on KEV or EPSS, suggesting a low to medium probability of exploitation in the near term. Refer to Dell's security advisory for further details and specific mitigation recommendations.
Exploit status
EPSS: 0.01% (2% percentile)
The primary mitigation for CVE-2026-27102 is to upgrade Dell PowerScale OneFS to version 9.10.1.7 or later. If an immediate upgrade is not feasible, consider restricting local access to the OneFS cluster and implementing strict access control lists (ACLs) to limit the potential impact of a successful exploit. Review user permissions and ensure that only authorized personnel have access to sensitive data and administrative functions. Monitor system logs for suspicious activity and implement intrusion detection systems (IDS) to detect potential exploitation attempts. After upgrading, confirm the fix by attempting to execute commands with a low-privileged user account and verifying that privilege escalation is prevented.
Apply security update DSA-2026-125 provided by Dell to fix the incorrect privilege assignment vulnerability in PowerScale OneFS. Consult Dell's documentation for detailed instructions on applying the update. Be sure to make a backup before applying any update.
The affected versions are 9.5.0.0 to 9.10.1.6 and 9.11.0.0 to 9.13.0.1.
You can verify your system’s version through the management interface or via the command line.
If immediate updating isn’t possible, implement additional security measures, such as restricting local access and reviewing privilege policies.
No, a KEV is not currently available for CVE-2026-27102.
Consult the Dell PowerScale OneFS documentation and release notes for detailed instructions on updating.
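The two affected ranges above belong to separate release trains, so a simple "9.10.1.7 or later" comparison would wrongly clear a 9.11.x to 9.13.0.1 cluster. The following added example (not Dell's or this page's code) classifies a reported version string against the ranges and fixed releases listed on this page; the banner-style sample string is constructed and its format is an assumption.

```python
import re

# Inclusive affected ranges as listed on this page, each paired with the
# fixed release the page names for that release train.
AFFECTED_RANGES = [
    ((9, 5, 0, 0), (9, 10, 1, 6), "9.10.1.7"),
    ((9, 11, 0, 0), (9, 13, 0, 1), "9.13.0.2"),
]

# A four-part dotted version that is not part of a longer dotted number.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Extract the first four-part version from text as a tuple of ints."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no four-part version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def classify(text):
    """Return (affected, fixed_in) for a version string.

    affected is True only when the version falls inside a range listed on
    this page; fixed_in is then the fixed release for that train.
    """
    version = parse_version(text)
    for low, high, fixed_in in AFFECTED_RANGES:
        if low <= version <= high:  # tuple comparison is element-wise
            return True, fixed_in
    return False, None


if __name__ == "__main__":
    # Constructed sample inputs, including an assumed banner-style string.
    samples = [
        "9.10.1.6",
        "9.10.1.7",
        "Isilon OneFS v9.12.0.0 B_9_12_0_0_001(RELEASE)",
        "9.13.0.2",
    ]
    for sample in samples:
        affected, fixed_in = classify(sample)
        status = f"AFFECTED, upgrade to {fixed_in}+" if affected else "not in listed ranges"
        print(f"{sample}: {status}")
```

A result of "not in listed ranges" only means the version is outside the two ranges on this page; releases older than 9.5.0.0 are not covered by the page either way.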