Platform: dell
Component: dell-powerscale-onefs
Fixed in: 9.10.1.7, 9.13.0.1
CVE-2026-24511 describes an information disclosure vulnerability present in Dell PowerScale OneFS. This flaw allows a high-privileged attacker with local access to trigger error messages that inadvertently expose sensitive information. The vulnerability impacts versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.0. Fixed versions are 9.10.1.7 and 9.13.0.1.
Successful exploitation of CVE-2026-24511 could lead to the exposure of sensitive data stored or processed by the Dell PowerScale OneFS system. Although the vulnerability requires local access and high privileges, an attacker who has compromised an administrator account or otherwise gained privileged local access to the system could leverage this flaw. The specific information disclosed depends on the error messages generated, but could include configuration details, user credentials, or potentially even data stored within the OneFS environment. This could facilitate further attacks, such as privilege escalation or data exfiltration.
CVE-2026-24511 was publicly disclosed on 2026-04-08. Currently, there are no known public proof-of-concept exploits available. The vulnerability's severity is rated MEDIUM, and exploitation requires local access with high privileges. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 0.01% (0% percentile)
The primary mitigation for CVE-2026-24511 is to upgrade Dell PowerScale OneFS to version 9.10.1.7 or later, or to version 9.13.0.1 or later. If an immediate upgrade is not feasible, consider implementing stricter access controls to limit the number of users with high privileges on the system. Monitor system logs for unusual error messages or patterns that might indicate exploitation attempts. While a WAF is unlikely to directly mitigate this vulnerability, reviewing and hardening OneFS configuration can reduce the attack surface. After upgrading, verify the fix by attempting to trigger the vulnerable error message and confirming that sensitive information is no longer disclosed.
Update Dell PowerScale OneFS to version 9.10.1.7 or later, or to version 9.13.0.1 or later to mitigate the information disclosure vulnerability. Refer to security advisory DSA-2026-125 on the Dell support website for detailed instructions on how to apply the update.
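The affected ranges and fixed releases above can be checked against a cluster inventory with a short script. This is an added example, not Dell's or this page's own tooling; the cluster names, the inventory, and the rule of suggesting the lowest listed fixed release above the running version are assumptions. Versions are compared numerically per component, so 9.10.x sorts after 9.5.x and a 9.12.x cluster is still flagged even though it is later than 9.10.1.7.

```python
import re

# Affected ranges (inclusive) and fixed releases as stated in this advisory.
AFFECTED = [((9, 5, 0, 0), (9, 10, 1, 6)), ((9, 11, 0, 0), (9, 13, 0, 0))]
FIXED = [(9, 10, 1, 7), (9, 13, 0, 1)]


def parse_version(text):
    """Parse a four-part dotted OneFS version such as '9.10.1.6' into a tuple."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(p) for p in m.groups())


def is_affected(text):
    """True if the version falls inside either affected range."""
    v = parse_version(text)
    return any(lo <= v <= hi for lo, hi in AFFECTED)


def upgrade_target(text):
    """Lowest listed fixed release above an affected version, else None.

    Assumption: the nearest fixed release is the intended target; confirm the
    supported upgrade path in the vendor advisory.
    """
    if not is_affected(text):
        return None
    v = parse_version(text)
    return ".".join(map(str, min(f for f in FIXED if f > v)))


def triage(inventory):
    """Map cluster name -> (affected, suggested fixed release)."""
    return {n: (is_affected(ver), upgrade_target(ver)) for n, ver in inventory.items()}


# Constructed inventory: names and versions are sample values.
SAMPLE = {
    "cluster-a": "9.10.1.6",
    "cluster-b": "9.10.1.7",
    "cluster-c": "9.12.0.0",  # later than 9.10.1.7 but inside the second range
    "cluster-d": "9.13.0.1",
    "cluster-e": "9.4.0.17",  # below both ranges listed on this page
}

if __name__ == "__main__":
    for name, (hit, target) in triage(SAMPLE).items():
        print(name, f"AFFECTED, upgrade to {target} or later" if hit else "not in an affected range")
```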
CVE-2026-24511 is a medium-severity vulnerability in Dell PowerScale OneFS allowing a local attacker to trigger error messages revealing sensitive information.
You are affected if you are running Dell PowerScale OneFS versions 9.5.0.0–9.10.1.6 or 9.11.0.0–9.13.0.0.
Upgrade to Dell PowerScale OneFS version 9.10.1.7 or later, or to version 9.13.0.1 or later, to resolve this information disclosure vulnerability.
As of the current disclosure date, there are no confirmed reports of active exploitation of CVE-2026-24511.
Refer to the official Dell Security Advisory for detailed information and updates regarding CVE-2026-24511.