Reference material — not professional advice. Test in staging, back up first, verify against your specific version. Use your own judgment for your environment.
● Low · CVSS 3.4

How to Fix CVE-2026-21422: PowerScale OneFS (Bundle Sibling)

By Sai Kiran Pandrala. Last verified: 2026-05-25.

CVE-2026-21422 is a sibling vulnerability in the same vendor advisory as CVE-2026-21421. Apply the same patched build and you close both. The technical detail below is what differs.

⚡ At a glance
Severity3.4 (Low)
Actively exploited?No public listing in CISA KEV
AffectedPowerScale OneFS 9.11.0.0 through 9.12.0.1 to <9.13.0.0 or later; PowerScale OneFS 9.10.0.0 through 9.10.1.5 to <9.10.1.6 or later
Fixed inSame patched build as CVE-2026-21421
Type (CWE)CWE-15: External Control of System or Configuration Setting

What's different about CVE-2026-21422?

Dell PowerScale OneFS, versions 9.10.0.0 through 9.13.1.0, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to protection mechanism bypass.

How to fix CVE-2026-21422

Apply the patched build per the primary write-up: How to Fix CVE-2026-21421. All commands, verification steps, and rollback notes for PowerScale OneFS are listed there.

Frequently asked questions

Does the CVE-2026-21421 patch close CVE-2026-21422?

Yes. Both CVEs are addressed by the same vendor patch. Applying the patched build closes the full bundle.

Is CVE-2026-21422 listed in CISA KEV?

No public KEV listing at the time of this writing.

Where is the official advisory?

See https://www.dell.com/support/kbdoc/en-sg/000432452/dsa-2026-038-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities

References

*Written by Sai Kiran Pandrala. Part of the PowerScale OneFS bundle. Full procedure at how-to-fix-cve-2026-21421.*