{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24511", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2026-01-23T06:07:21.818Z", "datePublished": "2026-04-08T12:28:21.077Z", "dateUpdated": "2026-04-08T16:13:35.249Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-04-08T12:28:21.077Z"}, "datePublic": "2026-04-05T18:30:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-209", "description": "CWE-209: Generation of Error Message Containing Sensitive Information", "type": "CWE"}]}], "affected": [{"vendor": "Dell", "product": "PowerScale OneFS", "versions": [{"status": "affected", "version": "0", "lessThan": "9.10.1.7 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and\u00a0versions 9.11.0.0 through 9.13.0.0, contains a generation of error message containing sensitive information vulnerability. A\u00a0high privileged attacker with local access\u00a0could potentially exploit this vulnerability, leading to information disclosure.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.0, contains a generation of error message containing sensitive information vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure."}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000449337/dsa-2026-125-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-08T15:43:07.952309Z", "id": "CVE-2026-24511", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T16:13:35.249Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24511", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-08T15:43:07.952309Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T15:43:14.751Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "PowerScale OneFS", "versions": [{"status": "affected", "version": "0", "lessThan": "9.10.1.7 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2026-04-05T18:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000449337/dsa-2026-125-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and\u00a0versions 9.11.0.0 through 9.13.0.0, contains a generation of error message containing sensitive information vulnerability. A\u00a0high privileged attacker with local access\u00a0could potentially exploit this vulnerability, leading to information disclosure.", "supportingMedia": [{"type": "text/html", "value": "Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.0, contains a generation of error message containing sensitive information vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-209", "description": "CWE-209: Generation of Error Message Containing Sensitive Information"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-04-08T12:28:21.077Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24511", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:13:35.249Z", "dateReserved": "2026-01-23T06:07:21.818Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2026-04-08T12:28:21.077Z", "assignerShortName": "dell"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and\u00a0versions 9.11.0.0 through 9.13.0.0, contains a generation of error message containing sensitive information vulnerability. A\u00a0high privileged attacker with local access\u00a0could potentially exploit this vulnerability, leading to information disclosure."}], "id": "CVE-2026-24511", "lastModified": "2026-04-08T21:26:13.410", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2026-04-08T13:16:40.367", "references": [{"source": "security_alert@emc.com", "url": "https://www.dell.com/support/kbdoc/en-us/000449337/dsa-2026-125-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-209"}], "source": "security_alert@emc.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,9.10.1.7)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "PowerScale OneFS", "source": "cna", "vendor": "Dell"}, "product": "powerscale_onefs", "vendor": "dell"}], "analysis": {"en": {"generated_at": "2026-04-08T13:20:24.884116+00:00", "value": {"mitigation_remediation": ["Update OneFS to the latest patched release using the Dell security update for CVE-2026-24511.", "Confirm that the OneFS version is beyond the affected range (9.5.0.0\u20139.13.0.0) after the update.", "Restrict local administrative privileges or isolate the storage system until the patch is applied, and monitor error logs for unexpected sensitive data exposures."], "summary": {"action": "Apply Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "Dell PowerScale OneFS NAS storage platforms are affected. The issue spans versions 9.5.0.0 through 9.10.1.6 and 9.11.0.0 through 9.13.0.0. Users running these releases with local administrative or root access are at risk.", "description_and_impact": "The vulnerability arises from error messages that unintentionally expose sensitive data. When triggered, these messages can reveal confidential system information. The flaw allows a high\u2011privileged local attacker to obtain disclosed data. This weakness corresponds to the CWE\u2011209 category, which focuses on Sensitive Data Exposure.", "risk_and_exploitability": "The assessed CVSS score of 4.4 indicates moderate severity. Exploit probability data is not available, and the vulnerability is not listed in the CISA KEV catalog. Successful exploitation requires high\u2011privileged local access, which limits the attack surface to users who already possess administrative rights. Because the flaw does not enable remote execution or privilege escalation, the overall risk to external adversaries is limited, but it remains important to address for internal threat mitigation."}}}}, "created": "2026-04-08T19:27:06.588193+00:00", "title": "Sensitive Data Exposure in Dell PowerScale OneFS Error Messages", "updated": "2026-04-08T19:39:38.030177+00:00", "vendors": ["dell", "dell$PRODUCT$powerscale_onefs"]}