CVE-2026-22768: Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low

Description

Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Affected Products

Vendor	Product	Versions
Dell	AppSync	0

References

https://www.dell.com/support/kbdoc/en-us/000446965/dsa-2026-163-security-update-for-dell-appsync-vulnerabilities(vendor-advisory)

Related News (1 articles)

Tier C

VulDB3h ago

CVE-2026-22768 | Dell AppSync 4.6.0 permission assignment (dsa-2026-163)

→ No new info (linked only)

CVSS 3.17.3 HIGH

VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

4.6.1.0 or later

CWECWE-732

PublishedApr 1, 2026

Last enriched2h agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-22767

CVE-2026-22767: Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged att

Trending: 27

MEDIUMCVE-2026-28265

CVE-2026-28265: PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access cou

Trending: 23

MEDIUMCVE-2026-22764

Dell OpenManage Network Integration, versions prior to 3.9, contains an Improper Authentication vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability

HIGHCVE-2025-36589

Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially explo

MEDIUMCVE-2026-24510

Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vu

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 1, 2026

Discovered by ZDM

Apr 1, 2026

Updated: tags

Apr 1, 2026

Patch Available

Apr 1, 2026

Version History

Last enriched 2h ago

v2Tier C2h ago

Updated severity to CRITICAL, CVSS score to 7.5, and added tags related to the vulnerability.