CVE-2026-49501 in PowerScale OneFSinfo

Summary

by MITRE • 07/15/2026

Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, and versions 9.11.0.0 through 9.13.0.2 contains an Improper Privilege Management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 07/15/2026

This vulnerability resides within Dell PowerScale OneFS storage operating system where improper privilege management allows a high-privileged attacker with local access to escalate their privileges. The flaw stems from inadequate enforcement of privilege boundaries within the system's authorization mechanisms, creating opportunities for unauthorized elevation of access rights. Such vulnerabilities typically manifest when the system fails to properly validate or enforce the principle of least privilege, allowing users with elevated local access to potentially bypass normal security controls and gain broader system permissions.

The technical implementation of this vulnerability involves weaknesses in how the storage operating system manages user sessions and access control tokens. When a local user with high privileges attempts to perform operations requiring additional permissions, the system fails to properly validate whether the user should be granted these elevated rights. This misconfiguration allows for privilege escalation through manipulation of session contexts or by exploiting gaps in permission checking mechanisms that should normally prevent such unauthorized access.

From an operational perspective, this vulnerability presents significant risks to organizations relying on Dell PowerScale storage solutions. The local access requirement means attackers must first compromise a system account or gain physical/remote access to the device itself before attempting exploitation. However, once successful, the privilege escalation could allow attackers to access sensitive data, modify storage configurations, or potentially disrupt critical storage services that support business operations. The impact extends beyond simple data access as storage systems often contain critical enterprise data and serve as foundational infrastructure components.

The vulnerability aligns with CWE-276 which specifically addresses improper privilege management and improper permissions in software systems. Additionally, this issue maps to ATT&CK technique T1068 which covers local privilege escalation through various system weaknesses. Organizations should consider implementing comprehensive patch management procedures to address the vulnerability in affected OneFS versions, particularly focusing on the specific version ranges mentioned from 9.5.0.0 through 9.10.1.7 and 9.11.0.0 through 9.13.0.2 where the flaw exists. Regular security assessments of storage infrastructure should include verification of privilege management controls, and system administrators should review user access permissions regularly to ensure that only authorized personnel maintain elevated privileges. Network segmentation and monitoring solutions should also be employed to detect unusual privilege escalation attempts or unauthorized local access to storage systems.

Responsible

Dell

Reservation

05/31/2026

Disclosure

07/15/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!