CVE-2026-22281
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2026-22281, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-22

Last updated on: 2026-01-28

Assigner: Dell

Description

Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting from 9.11.0.0 and prior to 9.13.0.0, contains a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to denial of service.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-22
Last Modified
2026-01-28
Generated
2026-07-06
AI Q&A
2026-01-22
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
dell powerscale_onefs From 9.5.0.0 (inc) to 9.5.1.6 (exc)
dell powerscale_onefs From 9.6.0.0 (inc) to 9.7.1.11 (exc)
dell powerscale_onefs From 9.8.0.0 (inc) to 9.10.1.4 (exc)
dell powerscale_onefs From 9.11.0.0 (inc) to 9.13.0.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-367 The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a Time-of-check Time-of-use (TOCTOU) race condition in Dell PowerScale OneFS software versions from 9.5.0.0 through prior to 9.13.0.0. It allows a low privileged attacker with adjacent network access to potentially exploit the timing issue between checking a condition and using a resource, which can lead to unexpected behavior.

Impact Analysis

Exploitation of this vulnerability could lead to a denial of service condition, meaning the affected system or service could become unavailable or disrupted.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22281. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart