Platform: dell
Component: dell-powerscale-onefs
Fixed in: 9.13.0.2
CVE-2026-27102 describes an incorrect privilege assignment vulnerability found in Dell PowerScale OneFS. Successful exploitation could allow a low-privileged attacker with local access to elevate their privileges within the system. This vulnerability affects versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.1. A patch is available in version 9.10.1.7 or later.
Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and 9.11.0.0 through 9.13.0.1, contains an incorrect privilege assignment vulnerability (CVE-2026-27102). This flaw allows a low-privileged attacker with local access to potentially elevate their privileges within the system. The vulnerability’s severity, according to CVSS, is 6.6, indicating a moderate risk. Successful exploitation could compromise the integrity and confidentiality of data stored on the PowerScale system, enabling unauthorized access to sensitive information or modification of system configuration. Addressing this vulnerability is crucial to protect data and the stability of the PowerScale environment.
The vulnerability requires local access to the PowerScale OneFS system. An attacker with this access, but with limited privileges, could exploit the incorrect privilege assignment to gain access to functions or data that would not normally be available to their user profile. The complexity of exploitation is considered low, meaning advanced technical skills are not required to carry out the attack. The attacker might use scripting tools or operating system commands to take advantage of the flaw. There is no KEV (Known Exploited Vulnerabilities) entry for this CVE, and Dell has not provided detailed information on the specific exploitation method, underscoring the importance of applying the security update as soon as possible.
EPSS: 0.01% (2% percentile)
The recommended mitigation for this vulnerability is to upgrade to Dell PowerScale OneFS version 9.10.1.7 or later. Dell has released specific updates to correct this incorrect privilege assignment. Applying these updates as soon as possible, following best practices for patch management, is recommended. Prior to applying the update, it’s essential to perform a full system backup to ensure recoverability in case of issues. Additionally, review existing access and privilege policies to ensure the principle of least privilege is applied and unnecessary access is limited. Timely application of these measures will significantly reduce the risk of exploitation.
Apply the security update DSA-2026-125 provided by Dell to correct the incorrect privilege assignment vulnerability in PowerScale OneFS. Refer to Dell documentation for detailed instructions on how to apply the update. Ensure you perform a backup before applying any update.
The affected versions are 9.5.0.0 to 9.10.1.6 and 9.11.0.0 to 9.13.0.1.
You can verify your system’s version through the management interface or via the command line.
If immediate updating isn’t possible, implement additional security measures, such as restricting local access and reviewing privilege policies.
No, a KEV is not currently available for CVE-2026-27102.
Consult the Dell PowerScale OneFS documentation and release notes for detailed instructions on updating.
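One way to check an inventory of OneFS versions against the two affected ranges stated above, as an added example (not code from Dell or from this page). It compares versions numerically, since string comparison sorts 9.10.x before 9.5.x, and it shows that reading "9.10.1.7 or later" as a single floor marks 9.11.0.0 through 9.13.0.1 as patched even though the page lists them as affected. The function names and the sample inventory are constructed for illustration.

```python
import re

# Affected ranges as stated on this page (inclusive bounds).
AFFECTED = [
    ((9, 5, 0, 0), (9, 10, 1, 6)),
    ((9, 11, 0, 0), (9, 13, 0, 1)),
]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract the first four-part version in text as a tuple of ints."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no four-part version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(text):
    """True when the version lies inside either affected range."""
    v = parse_version(text)
    return any(lo <= v <= hi for lo, hi in AFFECTED)


def naive_is_patched(text, floor=(9, 10, 1, 7)):
    """Shortcut reading of '9.10.1.7 or later'; wrong for 9.11.0.0-9.13.0.1."""
    return parse_version(text) >= floor


def triage(inventory):
    """Map each name to 'affected' or 'not affected' from its version string."""
    return {name: ("affected" if is_affected(v) else "not affected")
            for name, v in inventory.items()}


# Constructed inventory for illustration; names and versions are hypothetical.
SAMPLE_INVENTORY = {
    "cluster-a": "9.5.0.8",
    "cluster-b": "9.10.1.7",
    "cluster-c": "9.12.0.0",
    "cluster-d": "9.13.0.2",
    "cluster-e": "9.4.0.17",
}

if __name__ == "__main__":
    for name, status in triage(SAMPLE_INVENTORY).items():
        v = SAMPLE_INVENTORY[name]
        print(f"{name:10} {v:10} {status:13} naive_patched={naive_is_patched(v)}")
```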