Skip to main content

Dell PowerScale OneFS CVE-2026-40633

| EUVDEUVD-2026-44607 MEDIUM
Insertion of Sensitive Information into Log File (CWE-532)
2026-07-15 dell GHSA-gxv8-ggvr-3r24
5.5
CVSS 3.1 · NVD
Share

Severity by source

Vendor (dell) PRIMARY
HIGH
qualitative
NVD
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
5.5 MEDIUM

Local low-privileged access with no interaction reads logged secrets, so AV:L/PR:L/C:H; a pure log-disclosure flaw has no integrity or availability impact, unlike the vendor's I:H/A:H.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (dell).

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

5
Severity Changed
Jul 15, 2026 - 19:52 NVD
HIGH MEDIUM
CVSS changed
Jul 15, 2026 - 19:52 NVD
7.8 (HIGH) 5.5 (MEDIUM)
Patch available
Jul 15, 2026 - 12:02 EUVD
Analysis Generated
Jul 15, 2026 - 11:15 vuln.today
CVE Published
Jul 15, 2026 - 10:07 cve.org
HIGH 7.8

DescriptionNVD

Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, versions 9.11.0.0 through 9.13.0.2 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

AnalysisAI

Local information disclosure in Dell PowerScale OneFS (9.5.0.0-9.10.1.7 and 9.11.0.0-9.13.0.2) arises from sensitive data being written to log files, allowing a low-privileged local user to read secrets they should not access. Dell reported the issue (advisory DSA-2026-261) with no public exploit identified at time of analysis. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privileged local account on OneFS
Exploit
Access readable OneFS log files
Execution
Extract logged credentials/secrets
Impact
Reuse secrets for unauthorized data access

Vulnerability AssessmentAI

Exploitation Exploitation requires local access to the OneFS cluster and a valid low-privileged account (CVSS PR:L, AV:L), plus the presence of sensitive data actually written to a log file that the attacker's account can read - the flaw yields nothing if no secret was logged or if log access is properly restricted. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The published CVSS 3.1 base score is 7.8 with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a low-privileged local account on the PowerScale cluster - for example a limited administrator, a compromised service account, or a malicious insider - reads OneFS log files and finds sensitive material such as credentials or tokens recorded in cleartext. They reuse those secrets to access data or systems beyond their authorization. …
Remediation Upgrade OneFS to a Dell-remediated release as directed in advisory DSA-2026-261 (https://www.dell.com/support/kbdoc/en-us/000483600/dsa-2026-261-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities); the input does not include a single exact fix build, so treat this as Patch available per vendor advisory and consult the DSA-2026-261 version matrix for the precise fixed build corresponding to your 9.5-9.13 branch. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, identify all Dell PowerScale OneFS systems in your environment and verify whether they run affected versions 9.5.0.0-9.10.1.7 or 9.11.0.0-9.13.0.2; notify your infrastructure and data security teams of the local access prerequisite and the log-based exposure. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-27690 CRITICAL
9.8 Apr 10

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. Rated critic

CVE-2024-53298 CRITICAL
9.8 Jun 20

CVE-2024-53298 is a critical missing authorization vulnerability in Dell PowerScale OneFS NFS export functionality that

CVE-2023-32493 CRITICAL
9.8 Aug 16

Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability. Rated critical severity (CVSS 9.8)

CVE-2022-31230 CRITICAL
9.8 Jun 28

Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. Rated critical severity (C

CVE-2024-22463 CRITICAL
9.1 Mar 04

Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic algorithm vulnerability. R

CVE-2023-32457 HIGH
8.8 Aug 29

Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerability. Rated high sev

CVE-2021-21553 HIGH
8.8 Aug 03

Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability.under some specific condit

CVE-2026-22278 HIGH
8.1 Jan 22

Powerscale Onefs versions up to 9.13.0.0 is affected by improper restriction of excessive authentication attempts (CVSS

CVE-2024-29170 HIGH
8.1 Jun 04

Dell PowerScale OneFS versions 8.2.x through 9.8.0.x contain a use of hard coded credentials vulnerability. Rated high s

CVE-2023-44295 HIGH
8.1 Dec 05

Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contains an improper control of a resource through its lifetime v

CVE-2024-32853 HIGH
7.8 Jul 02

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an execution with unnecessary privileges vulnerability. R

CVE-2024-25960 HIGH
7.8 Mar 28

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a cleartext transmission of sensitive information vulner

Share

CVE-2026-40633 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy