Description
Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information exposure.
Published: 2026-01-23
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Information Exposure
Action: Patch Immediately
AI Analysis

Impact

This vulnerability allows an attacker to transmit sensitive data in cleartext, enabling exposure of confidential information. The flaw exists due to improper encryption handling, allowing cleartext transmission that could be intercepted or accessed by an unauthenticated remote user. The weakness is classified as CWE‑319.

Affected Systems

Dell ECS releases 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions earlier than 4.2.0.0 are impacted. Administrators should verify the product and version to determine if their environment is affected.

Risk and Exploitability

The CVSS score of 7.5 reflects a high impact of confidentiality loss. The EPSS score of less than 1% suggests a low probability of exploitation at the time of analysis, and the vulnerability is not listed in the CISA KEV catalog. The attack requires remote unauthenticated access, making it relatively easy to attempt but still limited to information disclosure rather than code execution.

Generated by OpenCVE AI on April 18, 2026 at 03:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell ECS and ObjectScale security update (DSA‑2026‑047) as published by Dell to fix the cleartext transmission flaw.
  • Verify that all ECS and ObjectScale services are configured to use TLS/SSL and that no cleartext channels are available for sensitive data.
  • Ensure network access to ECS/ObjectScale is restricted to authorized hosts, and monitor for any unauthorized remote connections.

Generated by OpenCVE AI on April 18, 2026 at 03:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 03:30:00 +0000

Type Values Removed Values Added
Title Cleartext Transmission of Sensitive Information in Dell ECS and ObjectScale

Wed, 18 Feb 2026 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Dell elastic Cloud Storage
CPEs cpe:2.3:a:dell:elastic_cloud_storage:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:objectscale:*:*:*:*:*:*:*:*
Vendors & Products Dell elastic Cloud Storage

Mon, 26 Jan 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell ecs Streamer
Dell objectscale
Vendors & Products Dell
Dell ecs Streamer
Dell objectscale

Fri, 23 Jan 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 23 Jan 2026 09:00:00 +0000

Type Values Removed Values Added
Description Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information exposure.
Weaknesses CWE-319
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Dell Ecs Streamer Elastic Cloud Storage Objectscale
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-02-26T14:44:24.284Z

Reserved: 2026-01-07T06:43:46.537Z

Link: CVE-2026-22271

cve-icon Vulnrichment

Updated: 2026-01-23T15:17:11.715Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-23T09:15:48.030

Modified: 2026-02-18T13:55:05.760

Link: CVE-2026-22271

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T03:15:35Z

Weaknesses