TOCTOU Race Condition in Dell PowerScale OneFS
CVE-2026-22281

3.5LOW

Key Information:

Vendor: Dell
Status: Powerscale Onefs
Vendor: CVE Published:; 22 January 2026

What is CVE-2026-22281?

A race condition vulnerability exists in Dell PowerScale OneFS, specifically affecting several versions between 9.5.0.0 and pre-9.13.0.0. This time-of-check time-of-use (TOCTOU) flaw allows a low privileged attacker with network access to exploit the condition, potentially resulting in a denial of service. Organizations using the affected versions should apply security updates to mitigate this risk and ensure the integrity of their systems.

Affected Version(s)

PowerScale OneFS < 9.13.0.0

PowerScale OneFS < 9.5.1.6

PowerScale OneFS < 9.7.1.11

References

https://www.dell.com/support/kbdoc/en-us/000415586/dsa-20...

vendor-advisory

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 22, 2026
Vulnerability Reserved
Jan 7, 2026

CVE-2026-22281 Data

JSON