
CVE-2026-21423: CWE-276: Incorrect Default Permissions in Dell PowerScale OneFS

Severity: Medium
Tags: Vulnerability, CVE-2026-21423, CWE-276
Published: Wed Mar 04 2026 (03/04/2026, 12:29:57 UTC)
Source: CVE Database V5
Vendor/Project: Dell
Product: PowerScale OneFS

Description

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect default permissions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to code execution, denial of service, elevation of privileges, and information disclosure.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 03/11/2026, 19:59:21 UTC

Technical Analysis

CVE-2026-21423 is a security vulnerability classified under CWE-276 (Incorrect Default Permissions) in the Dell PowerScale OneFS storage operating system, affecting versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1. The flaw arises from improper default file or resource permissions that a user with high-level local privileges can exploit. Because the attacker must already hold elevated local access, the vulnerability primarily enables further privilege escalation, unauthorized code execution, denial of service, and information disclosure, affecting the confidentiality, integrity, and availability of the system. The CVSS v3.1 base score is 6.7 (medium severity), with the attack vector limited to local access (AV:L), low attack complexity (AC:L), high privileges required (PR:H), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). No public exploits have been reported yet, but the risk remains significant given the potential impact on critical storage infrastructure. Dell has not yet published patch links, indicating that remediation may be pending or in progress. The vulnerability underscores the importance of secure default configurations in storage systems, which are often critical to enterprise data integrity and availability.

Potential Impact

The vulnerability could have severe consequences for organizations relying on Dell PowerScale OneFS for their storage infrastructure. Exploitation by a high privileged local attacker can lead to full system compromise through code execution, potentially allowing attackers to manipulate or destroy stored data, disrupt services via denial of service, escalate privileges further, and access sensitive information. This can result in data breaches, operational downtime, loss of data integrity, and significant financial and reputational damage. Since the attack requires local high privileges, the threat is most critical in environments where multiple users have elevated access or where attackers can gain such access through other means. The broad impact on confidentiality, integrity, and availability makes this vulnerability particularly concerning for enterprises, government agencies, and service providers that depend on PowerScale for critical data storage and management.

Mitigation Recommendations

Organizations should immediately audit local user privileges on affected Dell PowerScale OneFS systems to ensure that only trusted personnel hold high privileged access. Restrict local access to the storage system consoles and management interfaces to minimize risk. Monitor system logs for unusual activity that could indicate exploitation attempts. Apply the principle of least privilege rigorously to reduce the number of users with elevated rights. Since no patches are currently linked, maintain close communication with Dell for updates and apply security patches as soon as they become available. Consider additional security controls such as multi-factor authentication for local access and network segmentation to isolate storage systems from less trusted networks. Conduct regular permission reviews and harden default configurations to prevent similar issues. Finally, prepare incident response plans so that potential exploitation can be addressed quickly.


Technical Details

Data Version: 5.2
Assigner Short Name: dell
Date Reserved: 2025-12-24T16:33:47.095Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 69a82a17d1a09e29cb374188

Added to database: 3/4/2026, 12:48:23 PM

Last enriched: 3/11/2026, 7:59:21 PM

Last updated: 4/18/2026, 4:32:45 PM
