Cyber Posture

CVE-2026-22767

High

Published: 01 April 2026

Published
01 April 2026
Modified
02 April 2026
KEV Added
Patch
CVSS Score 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
EPSS Score 0.0001 3.1th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-22767 is a high-severity UNIX Symbolic Link (Symlink) Following (CWE-61) vulnerability in Dell Appsync. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 3.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Timely flaw remediation directly applies the vendor patch that fixes the symlink following vulnerability in Dell AppSync 4.6.0.

SI-10 Information Input Validation partial match
prevent

Information input validation ensures file paths are properly checked to reject or sanitize symlinks, preventing symlink-based tampering.

AC-6 Least Privilege partial match
prevent

Least privilege limits the privileges of low-privileged local attackers and AppSync processes, reducing the impact of symlink exploitation on information integrity and availability.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
T1222.002 Linux and Mac Permissions Defense Impairment
Adversaries may modify file or directory permissions/attributes to evade access control lists (ACLs) and access protected files.
attack.mitre.org →
Why these techniques?

Symlink following in a local UNIX application directly enables arbitrary file tampering by low-privileged users, mapping to local privilege escalation (T1068) and Linux file/directory permission abuse (T1222.002).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.

Deeper analysisAI

CVE-2026-22767 is a UNIX Symbolic Link (Symlink) Following vulnerability (CWE-61) affecting Dell AppSync version 4.6.0. Published on 2026-04-01T13:16:33.150, it carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H), indicating high severity due to significant impacts on integrity and availability.

A low-privileged attacker with local access can exploit this vulnerability to tamper with information. The attack requires low privileges and local access but no user interaction, with unchanged scope, resulting in low confidentiality impact alongside high integrity and availability impacts.

Dell's security advisory DSA-2026-163 provides a security update for Dell AppSync vulnerabilities, including this issue, as detailed at https://www.dell.com/support/kbdoc/en-us/000446965/dsa-2026-163-security-update-for-dell-appsync-vulnerabilities. Practitioners should apply the patch to mitigate the risk.

Details

CWE(s)
CWE-61

Affected Products

dell
appsync
4.6.0.0 — 4.6.1.0

CVEs Like This One

CVE-2026-22768Same product: Dell Appsync
CVE-2025-22480Same vendor: Dell
CVE-2026-32655Same vendor: Dell
CVE-2026-27102Same vendor: Dell
CVE-2025-21105Same vendor: Dell
CVE-2026-25906Same vendor: Dell
CVE-2026-23857Same vendor: Dell
CVE-2026-35155Same vendor: Dell
CVE-2026-24510Same vendor: Dell
CVE-2026-22765Same vendor: Dell

References