CVE-2026-22767: Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged att

Description

Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.

Affected Products

Vendor	Product	Versions
Dell	AppSync	0

References

https://www.dell.com/support/kbdoc/en-us/000446965/dsa-2026-163-security-update-for-dell-appsync-vulnerabilities(vendor-advisory)

Related News (1 articles)

Tier C

VulDB5h ago

CVE-2026-22767 | Dell AppSync 4.6.0 symlink (dsa-2026-163)

→ No new info (linked only)

CVSS 3.17.3 HIGH

VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

4.6.1.0 or later

CWECWE-61

PublishedApr 1, 2026

Last enriched4h ago

Trending Score27

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-22768

CVE-2026-22768: Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low

Trending: 32

MEDIUMCVE-2026-28265

CVE-2026-28265: PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access cou

Trending: 22

MEDIUMCVE-2026-22764

Dell OpenManage Network Integration, versions prior to 3.9, contains an Improper Authentication vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability

HIGHCVE-2025-36589

Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially explo

MEDIUMCVE-2026-24510

Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vu

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 1, 2026

Discovered by ZDM

Apr 1, 2026

Patch Available

Apr 1, 2026