Unauthorized access: Vulnerabilities in Dell's OneFS NAS OS
Security updates close multiple vulnerabilities in Dell PowerScale OneFS. Attackers can, among other things, disable instances.
Dell's NAS operating system PowerScale OneFS is affected by several security flaws. Patched versions are available for download.
Possible Attacks
In a security advisory, the developers state that attackers can compromise systems after successful attacks. One of the vulnerabilities is classified with the threat level "high" (CVE-2026-22278). If an attacker has remote access, they can exploit the vulnerability without authentication and thus gain further access. How such an attack could proceed and what exactly attackers can do afterwards is currently unclear.
The remaining vulnerabilities (e.g., CVE-2026-22280) are classified as "medium" and "low". Through these, attackers can, for example, launch DoS attacks and thus trigger crashes. Dell currently gives no indication of whether attacks are already underway. It also remains unclear how admins can identify instances that have already been attacked.
Protecting Systems
To prevent the described attacks, administrators must install one of the repaired PowerScale OneFS versions:
- 9.5.1.6
- 9.7.1.11
- 9.10.1.4
- 9.13.0.0
(des)