CVE-2026-22768
Published: 01 April 2026
Summary
CVE-2026-22768 is a high-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in Dell AppSync. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 2.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) (AI)
Least privilege limits low-privileged local attackers from gaining unauthorized access to critical resources with incorrect permissions, directly preventing privilege escalation.
Access enforcement ensures the system mediates and restricts access to critical resources according to defined permissions, mitigating exploitation of incorrect assignments.
Configuration settings establish and maintain correct permissions on critical resources, preventing vulnerabilities from incorrect permission assignments.
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Local privilege escalation via incorrect permissions on a critical resource directly matches Exploitation for Privilege Escalation.
NVD Description
Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Deeper analysis (AI)
CVE-2026-22768 is an Incorrect Permission Assignment for Critical Resource vulnerability (CWE-732) in Dell AppSync version 4.6.0. Published on 2026-04-01T13:16:33.950, it has a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).
A low-privileged attacker with local access can exploit this vulnerability by leveraging incorrect permissions on a critical resource. The attack has low complexity and requires user interaction. It can result in elevation of privileges, with high impact on confidentiality, integrity, and availability and no change of scope.
Dell’s security advisory (DSA-2026-163) at https://www.dell.com/support/kbdoc/en-us/000446965/dsa-2026-163-security-update-for-dell-appsync-vulnerabilities details a security update addressing this and other Dell AppSync vulnerabilities, providing mitigation through patching.
Details
- CWE(s)