Security Vulnerability Report
CVE-2026-22280 CVSS 5.0 MEDIUM

Published: 2026-01-22 19:15:57
Last Modified: 2026-01-28 18:14:37

Description

Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting from 9.11.0.0 and prior to 9.13.0.0, contains an incorrect permission assignment for critical resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.

CVSS Details

CVSS Score: 5.0
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:* - VULNERABLE, for the following version ranges:
Dell PowerScale OneFS 9.5.0.0 - 9.5.1.5
Dell PowerScale OneFS 9.6.0.0 - 9.7.1.10
Dell PowerScale OneFS 9.8.0.0 - 9.10.1.3
Dell PowerScale OneFS 9.11.0.0 up to, but not including, 9.13.0.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
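#!/usr/bin/env python3
"""
CVE-2026-22280 PoC - Dell PowerScale OneFS Permission Misconfiguration
Note: This is a conceptual PoC for demonstration purposes only.
Actual exploitation requires local access and specific conditions.
"""
import json
import re
import subprocess
import sys

# Affected ranges as (first affected version, first fixed version).
# The upper bound is exclusive, matching versionEndExcluding in the CVE record.
VULNERABLE_RANGES = [
    ("9.5.0.0", "9.5.1.6"),
    ("9.6.0.0", "9.7.1.11"),
    ("9.8.0.0", "9.10.1.4"),
    ("9.11.0.0", "9.13.0.0"),
]


def parse_version(text):
    """Return the first four-part dotted version found in text as a tuple, or None."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(part) for part in match.groups()) if match else None


def check_vulnerability(target_host):
    """
    Check if target is vulnerable to CVE-2026-22280
    """
    print(f"[*] Checking vulnerability on {target_host}")
    print("[*] This vulnerability requires:")
    print("    - Local access to the system")
    print("    - Low-privilege user account")
    print("    - User interaction to trigger the exploit")

    # Check OneFS version. The `isi` CLI only exists on a OneFS node, so this
    # reads the version of the machine the script runs on.
    try:
        version_check = subprocess.run(
            ["isi", "version"], capture_output=True, text=True
        )
        version_output = version_check.stdout.strip()
    except FileNotFoundError:
        version_output = ""
    print(f"[*] OneFS Version: {version_output or 'unknown'}")

    print("[*] Vulnerable versions:")
    for start, end in VULNERABLE_RANGES:
        print(f"    - {start} up to, but not including, {end}")

    # Compare the reported version against the affected ranges instead of
    # reporting every host as vulnerable. None means the version is unknown.
    version = parse_version(version_output)
    vulnerable = None
    if version is not None:
        vulnerable = any(
            parse_version(start) <= version < parse_version(end)
            for start, end in VULNERABLE_RANGES
        )

    return {
        "cve_id": "CVE-2026-22280",
        "target": target_host,
        "vulnerable": vulnerable,
        "cvss_score": 5.0,
        "severity": "MEDIUM",
        "attack_vector": "LOCAL",
        "privilege_required": "LOW",
        "user_interaction": "REQUIRED",
    }


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    result = check_vulnerability(target)
    print("\n[+] Scan Results:")
    print(json.dumps(result, indent=2))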

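References

https://www.dell.com/support/kbdoc/en-us/000415586/dsa-2026-049-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities (Vendor Advisory)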

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-22280", "sourceIdentifier": "[email protected]", "published": "2026-01-22T19:15:57.023", "lastModified": "2026-01-28T18:14:37.460", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting from 9.11.0.0 and prior to 9.13.0.0, contains an incorrect permission assignment for critical resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service."}, {"lang": "es", "value": "Dell PowerScale OneFS, versiones 9.5.0.0 hasta 9.5.1.5, versiones 9.6.0.0 hasta 9.7.1.10, versiones 9.8.0.0 hasta 9.10.1.3, versiones a partir de 9.11.0.0 y anteriores a 9.13.0.0, contiene una vulnerabilidad de asignación de permisos incorrecta para un recurso crítico. Un atacante con privilegios bajos y acceso local podría potencialmente explotar esta vulnerabilidad, lo que podría llevar a una denegación de servicio."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5.0, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.3, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, 
"exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-732"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.5.0.0", "versionEndExcluding": "9.5.1.6", "matchCriteriaId": "75F87F94-D52B-4D81-89A7-CBE5AEFEBA5A"}, {"vulnerable": true, "criteria": "cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.6.0.0", "versionEndExcluding": "9.7.1.11", "matchCriteriaId": "8E921D4F-223E-4630-897F-B55D2B1E06A7"}, {"vulnerable": true, "criteria": "cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.8.0.0", "versionEndExcluding": "9.10.1.4", "matchCriteriaId": "80A6C071-87C3-40C6-8C26-F6D239A77388"}, {"vulnerable": true, "criteria": "cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.11.0.0", "versionEndExcluding": "9.13.0.0", "matchCriteriaId": "9019F2DB-1449-4315-85CB-A35BB2AEF4BB"}]}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000415586/dsa-2026-049-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}