{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25907", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2026-02-08T18:05:27.450Z", "datePublished": "2026-03-04T13:06:09.209Z", "dateUpdated": "2026-03-04T14:08:41.408Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PowerScale OneFS", "vendor": "Dell", "versions": [{"lessThan": "9.13.0.1 or later", "status": "affected", "version": "9.13.0.0", "versionType": "semver"}]}], "datePublic": "2026-03-01T18:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Dell PowerScale OneFS, version 9.13.0.0, contains an overly restrictive account lockout mechanism vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.<br>"}], "value": "Dell PowerScale OneFS, version 9.13.0.0, contains an overly restrictive account lockout mechanism vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-645", "description": "CWE-645: Overly Restrictive Account Lockout Mechanism", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-03-04T13:06:09.209Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-sg/000434591/dsa-2026-095-security-update-for-dell-powerscale-onefs-overly-restrictive-account-lockout-mechanism-vulnerability"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-04T14:08:17.435071Z", "id": "CVE-2026-25907", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T14:08:41.408Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25907", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-04T14:08:17.435071Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T14:08:33.641Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "PowerScale OneFS", "versions": [{"status": "affected", "version": "9.13.0.0", "lessThan": "9.13.0.1 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2026-03-01T18:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-sg/000434591/dsa-2026-095-security-update-for-dell-powerscale-onefs-overly-restrictive-account-lockout-mechanism-vulnerability", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS, version 9.13.0.0, contains an overly restrictive account lockout mechanism vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.", "supportingMedia": [{"type": "text/html", "value": "Dell PowerScale OneFS, version 9.13.0.0, contains an overly restrictive account lockout mechanism vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-645", "description": "CWE-645: Overly Restrictive Account Lockout Mechanism"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-03-04T13:06:09.209Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25907", "state": "PUBLISHED", "dateUpdated": "2026-03-04T14:08:41.408Z", "dateReserved": "2026-02-08T18:05:27.450Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2026-03-04T13:06:09.209Z", "assignerShortName": "dell"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:powerscale_onefs:9.13.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "387E2E26-BEB0-469E-A9EA-BF72473A0B2A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerScale OneFS, version 9.13.0.0, contains an overly restrictive account lockout mechanism vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service."}], "id": "CVE-2026-25907", "lastModified": "2026-03-04T20:45:09.673", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security_alert@emc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-04T13:15:58.470", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-sg/000434591/dsa-2026-095-security-update-for-dell-powerscale-onefs-overly-restrictive-account-lockout-mechanism-vulnerability"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-645"}], "source": "security_alert@emc.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[9.13.0.0,9.13.0.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "PowerScale OneFS", "source": "cna", "vendor": "Dell"}, "product": "powerscale_onefs", "vendor": "dell"}], "analysis": {"en": {"generated_at": "2026-04-16T13:35:00.962108+00:00", "value": {"mitigation_remediation": ["Download and install the official Dell PowerScale OneFS 9.13.0.0 security update, ensuring the account lockout policy is correctly configured.", "After applying the update, confirm that legitimate user accounts can log in and that the lockout mechanism no longer blocks authorized access for a short burst of failed attempts.", "Continuously monitor authentication logs for unexpected lockout events and adjust account lockout thresholds to prevent accidental denial of legitimate users."], "summary": {"action": "Patch Now", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Dell PowerScale OneFS releases beginning with version\u00a09.13.0.0, as identified in the Dell support advisory.", "description_and_impact": "Dell PowerScale OneFS version 9.13.0.0 includes an overly restrictive account lockout mechanism. An attacker who can connect remotely without valid credentials may trigger the lockout, preventing legitimate users from accessing the system. This results in a denial of service by rendering the storage array unusable for authenticated operations. The flaw falls under CWE\u2011645, indicating an insecure authentication configuration.", "risk_and_exploitability": "The CVSS score of 5.3 indicates a moderate severity, while the EPSS score of less than\u202f1\u202f% shows a very low exploitation probability at present. The vulnerability is not listed in the CISA KEV catalog, suggesting it has not yet been widely exploited. The attack vector is remote and unauthenticated; an attacker can reach the affected system over the network and activate the lockout policy without needing valid credentials."}}}}, "created": "2026-03-04T21:03:31.522554+00:00", "title": "Overly Restrictive Account Lockout Mechanism Causing Denial of Service in Dell PowerScale OneFS", "updated": "2026-04-16T13:45:21.944633+00:00", "vendors": ["dell", "dell$PRODUCT$powerscale_onefs"]}