DNA View

High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2026-22768

High

Low Medium High Critical

7.3

CVSS Score

Published: Apr 01, 2026

Last Modified: Apr 02, 2026

CWE: CWE-732

Vulnerability Description

Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

3 configuration(s) from 1 vendor(s)

appsync

Version:

4.6.0.4

CPE:

cpe:2.3:a:dell:appsync:4.6.0.4:*:*:*:*:*:*:*

appsync

Version:

4.6.0.3

CPE:

cpe:2.3:a:dell:appsync:4.6.0.3:*:*:*:*:*:*:*

appsync

Version:

4.6.0.0

CPE:

cpe:2.3:a:dell:appsync:4.6.0.0:*:*:*:*:*:*:*

This vulnerability affects 3 software configuration(s). Ensure you patch all affected systems.

References & Resources

https://www.dell.com/support/kbdoc/en-us/000446965/dsa-2026-163-security-update-for-dell-appsync-vulnerabilities
security_alert@emc.com Vendor Advisory

Severity Details

7.3

out of 10.0

High

Weakness Type (CWE)

CWE-732

Incorrect Permission Assignment for Critical Resource

Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Class