Description
Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contain a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenticated attacker with remote access could potentially exploit this vulnerability to intercept and modify information in transit.
Published: 2026-01-23
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cleartext Transmission of Sensitive Information
Action: Apply Patch
AI Analysis

Impact

Dell Elastic Cloud Storage (ECS) versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale releases before 4.2.0.0 transmit sensitive data in cleartext in the Fabric Syslog component. The flaw can enable an attacker to intercept and modify information in transit, potentially exposing confidential logs or tampering with system events. The weakness corresponds to the “Cleartext Transmission of Sensitive Information” category (CWE-319), which undermines the confidentiality of log data.

Affected Systems

Dell ECS versions 3.8.1.0 through 3.8.1.7 inclusive and any Dell ObjectScale installation earlier than 4.2.0.0 are affected. Deployments running these versions are at risk if the Fabric Syslog feature is enabled in a non‑encrypted mode.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity, the EPSS score of less than 1% shows a very low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. However, the vulnerability can be exploited by an unauthenticated attacker who has remote network access to the Fabric Syslog interface, enabling them to intercept and potentially modify traffic in transit.

Generated by OpenCVE AI on April 18, 2026 at 03:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell ECS security update to version 3.8.1.8 or later, or the ObjectScale update to 4.2.0.0 or later, as documented in Dell KB 000415880.
  • If an update cannot be applied immediately, disable Fabric Syslog cleartext transmission or enforce TLS for all syslog communication channels.
  • Implement network segmentation or firewall rules that restrict remote access to the Fabric Syslog service to trusted hosts only.


Advisories

No advisories yet.

History

Sat, 18 Apr 2026 03:30:00 +0000

Type Values Removed Values Added
Title Cleartext Transmission of Sensitive Information in Dell ObjectScale Fabric Syslog

Wed, 18 Feb 2026 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Dell elastic Cloud Storage
CPEs cpe:2.3:a:dell:elastic_cloud_storage:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:objectscale:*:*:*:*:*:*:*:*
Vendors & Products Dell elastic Cloud Storage

Mon, 26 Jan 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell ecs Streamer
Dell objectscale
Vendors & Products Dell
Dell ecs Streamer
Dell objectscale

Fri, 23 Jan 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 23 Jan 2026 09:45:00 +0000

Type Values Removed Values Added
Description Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenticated attacker with remote access could potentially exploit this vulnerability to intercept and modify information in transit.
Weaknesses CWE-319
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-01-23T15:16:16.656Z

Reserved: 2026-01-07T06:43:46.537Z

Link: CVE-2026-22274

Vulnrichment

Updated: 2026-01-23T15:16:12.941Z

NVD

Status: Analyzed

Published: 2026-01-23T10:15:53.480

Modified: 2026-02-18T13:55:35.720

Link: CVE-2026-22274

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T03:15:35Z

Weaknesses