Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Local low-privileged access with no interaction reads logged secrets, so AV:L/PR:L/C:H; a pure log-disclosure flaw has no integrity or availability impact, unlike the vendor's I:H/A:H.
Primary rating from Vendor (dell).
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
5DescriptionNVD
Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, versions 9.11.0.0 through 9.13.0.2 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
AnalysisAI
Local information disclosure in Dell PowerScale OneFS (9.5.0.0-9.10.1.7 and 9.11.0.0-9.13.0.2) arises from sensitive data being written to log files, allowing a low-privileged local user to read secrets they should not access. Dell reported the issue (advisory DSA-2026-261) with no public exploit identified at time of analysis. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires local access to the OneFS cluster and a valid low-privileged account (CVSS PR:L, AV:L), plus the presence of sensitive data actually written to a log file that the attacker's account can read - the flaw yields nothing if no secret was logged or if log access is properly restricted. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The published CVSS 3.1 base score is 7.8 with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with a low-privileged local account on the PowerScale cluster - for example a limited administrator, a compromised service account, or a malicious insider - reads OneFS log files and finds sensitive material such as credentials or tokens recorded in cleartext. They reuse those secrets to access data or systems beyond their authorization. … |
| Remediation | Upgrade OneFS to a Dell-remediated release as directed in advisory DSA-2026-261 (https://www.dell.com/support/kbdoc/en-us/000483600/dsa-2026-261-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities); the input does not include a single exact fix build, so treat this as Patch available per vendor advisory and consult the DSA-2026-261 version matrix for the precise fixed build corresponding to your 9.5-9.13 branch. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, identify all Dell PowerScale OneFS systems in your environment and verify whether they run affected versions 9.5.0.0-9.10.1.7 or 9.11.0.0-9.13.0.2; notify your infrastructure and data security teams of the local access prerequisite and the log-based exposure. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Powerscale Onefs
View allDell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. Rated critic
CVE-2024-53298 is a critical missing authorization vulnerability in Dell PowerScale OneFS NFS export functionality that
Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability. Rated critical severity (CVSS 9.8)
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. Rated critical severity (C
Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic algorithm vulnerability. R
Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerability. Rated high sev
Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability.under some specific condit
Powerscale Onefs versions up to 9.13.0.0 is affected by improper restriction of excessive authentication attempts (CVSS
Dell PowerScale OneFS versions 8.2.x through 9.8.0.x contain a use of hard coded credentials vulnerability. Rated high s
Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contains an improper control of a resource through its lifetime v
Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an execution with unnecessary privileges vulnerability. R
Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a cleartext transmission of sensitive information vulner
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44607
GHSA-gxv8-ggvr-3r24