{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22768", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2026-01-09T18:05:08.764Z", "datePublished": "2026-04-01T12:18:38.716Z", "dateUpdated": "2026-04-02T03:56:01.058Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-04-01T12:18:38.716Z"}, "datePublic": "2026-04-01T06:30:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource", "type": "CWE"}]}], "affected": [{"vendor": "Dell", "product": "AppSync", "versions": [{"status": "affected", "version": "0", "lessThan": "4.6.1.0 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges."}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000446965/dsa-2026-163-security-update-for-dell-appsync-vulnerabilities", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "Dell would like to thank Marius Gabriel Mihai for reporting this issue.", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-22768"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T03:56:01.058Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22768", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-01T12:50:41.608054Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T12:50:46.376Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Dell would like to thank Marius Gabriel Mihai for reporting this issue."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "AppSync", "versions": [{"status": "affected", "version": "0", "lessThan": "4.6.1.0 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2026-04-01T06:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000446965/dsa-2026-163-security-update-for-dell-appsync-vulnerabilities", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.", "supportingMedia": [{"type": "text/html", "value": "Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-04-01T12:18:38.716Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22768", "state": "PUBLISHED", "dateUpdated": "2026-04-02T03:56:01.058Z", "dateReserved": "2026-01-09T18:05:08.764Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2026-04-01T12:18:38.716Z", "assignerShortName": "dell"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:appsync:*:*:*:*:*:*:*:*", "matchCriteriaId": "27464B6B-D2A8-48ED-A83B-404A6870E6D6", "versionEndExcluding": "4.6.1.0", "versionStartIncluding": "4.6.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges."}], "id": "CVE-2026-22768", "lastModified": "2026-04-02T16:54:13.507", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2026-04-01T13:16:33.950", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000446965/dsa-2026-163-security-update-for-dell-appsync-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "security_alert@emc.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,4.6.1.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "AppSync", "source": "cna", "vendor": "Dell"}, "product": "appsync", "vendor": "dell"}], "analysis": {"en": {"generated_at": "2026-04-02T02:48:25.280880+00:00", "value": {"mitigation_remediation": ["Apply the Dell security update (DSA\u20112026\u2011163) for AppSync 4.6.0 as referenced in the Dell advisory.", "Verify that the patch has been successfully installed on all affected instances.", "Limit local user privileges or isolate sensitive resources until the update is applied."], "summary": {"action": "Immediate Patch", "impact": "Elevation of Privileges"}, "threat_synthesis": {"affected_systems": "The affected product is Dell AppSync, specifically version 4.6.0. All installations of this version running on local environments are considered vulnerable.", "description_and_impact": "Dell AppSync version 4.6.0 contains an incorrect permission assignment for a critical resource. This flaw allows a low\u2011privileged local user to gain elevated privileges, enabling the attacker to perform unauthorized actions with higher system rights. The vulnerability is rooted in improper access control and is classified as CWE\u2011732.", "risk_and_exploitability": "With a CVSS score of 7.3 the flaw is of moderate to high severity. The attack vector is local, so the attacker must have direct host access. Although the vulnerability can raise a local user to a higher privilege level, it does not enable remote exploitation and is not listed in the CISA KEV catalog. Exploit likelihood is not reported, but the impact remains significant for systems where local users are present."}}}}, "created": "2026-04-02T07:49:17.296516+00:00", "title": "Incorrect Permission Assignment Enables Local Privilege Escalation in Dell AppSync", "updated": "2026-04-02T20:17:40.734106+00:00", "vendors": ["dell", "dell$PRODUCT$appsync"]}