{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27102", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2026-02-17T18:05:21.467Z", "datePublished": "2026-04-08T12:11:23.717Z", "dateUpdated": "2026-04-08T17:41:34.157Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-04-08T12:11:23.717Z"}, "datePublic": "2026-04-05T18:30:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-266", "description": "CWE-266: Incorrect Privilege Assignment", "type": "CWE"}]}], "affected": [{"vendor": "Dell", "product": "PowerScale OneFS", "versions": [{"status": "affected", "version": "0", "lessThan": "9.10.1.7 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS,\u00a0versions 9.5.0.0 through 9.10.1.6 and\u00a0versions 9.11.0.0 through 9.13.0.1,\u00a0contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges."}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000449337/dsa-2026-125-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-08T17:40:54.919473Z", "id": "CVE-2026-27102", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T17:41:34.157Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS,\u00a0versions 9.5.0.0 through 9.10.1.6 and\u00a0versions 9.11.0.0 through 9.13.0.1,\u00a0contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges."}], "id": "CVE-2026-27102", "lastModified": "2026-04-08T21:26:13.410", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.7, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2026-04-08T13:16:41.370", "references": [{"source": "security_alert@emc.com", "url": "https://www.dell.com/support/kbdoc/en-us/000449337/dsa-2026-125-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}], "source": "security_alert@emc.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,9.10.1.7)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "PowerScale OneFS", "source": "cna", "vendor": "Dell"}, "product": "powerscale_onefs", "vendor": "dell"}], "analysis": {"en": {"generated_at": "2026-04-08T13:20:56.176325+00:00", "value": {"mitigation_remediation": ["Apply the Dell PowerScale OneFS security update referenced at https://www.dell.com/support/kbdoc/en-us/000449337/dsa-2026-125-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities"], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The affected environment is Dell PowerScale OneFS storage appliances running version 9.5.0.0 through 9.10.1.6 or 9.11.0.0 through 9.13.0.1. Any deployment within these version ranges is susceptible to the privilege escalation flaw.", "description_and_impact": "Dell PowerScale OneFS suffers from an incorrect privilege assignment flaw that enables a local user with low privileges to gain higher level permissions. The vulnerability allows the attacker to elevate their access without relying on additional exploits. The attack potential is confined to systems where an adversary already has local access and the ability to run code with limited rights.", "risk_and_exploitability": "The CVSS score of 6.6 indicates moderate severity. The exploit probability is not documented, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The exploit requires local user privileges and no network or remote interaction, limiting the threat surface to on\u2011premises environments where low\u2011privileged accounts exist."}}}}, "created": "2026-04-08T19:27:08.630476+00:00", "title": "Local Privilege Escalation via Incorrect Privilege Assignment in Dell PowerScale OneFS", "updated": "2026-04-08T19:39:40.044311+00:00", "vendors": ["dell", "dell$PRODUCT$powerscale_onefs"]}