Description
Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Inclusion of Sensitive Information in Source Code vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
Published: 2026-01-23
Score: 4.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Exposure
Action: Apply Update
AI Analysis

Impact

The vulnerability is an Inclusion of Sensitive Information in Source Code, which permits a local, low‑privileged attacker to read secrets inadvertently embedded in the code, thus compromising data confidentiality. The weakness is classified as CWE‑540, indicating that sensitive data is stored in a publicly accessible manner. If exploited, the attacker can obtain credentials or other private information, potentially leading to further system compromise.

Affected Systems

Dell ECS versions 3.8.1.0 through 3.8.1.7 are affected, as are all Dell ObjectScale releases prior to 4.2.0.0. No other product versions are listed as vulnerable.

Risk and Exploitability

The CVSS score of 4.4 suggests moderate severity, but the EPSS score of less than 1% points to a very low probability of exploitation. The vulnerability requires local, low‑privileged access and is not listed in the CISA KEV catalog, indicating it is not currently being actively exploited in the wild. Nonetheless, patching remains the recommended defense, as compromise of sensitive information can lead to broader security breaches.

Generated by OpenCVE AI on April 18, 2026 at 15:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the security update provided in Dell DSA‑2026‑047, which upgrades Dell ECS to version 3.8.1.8 or later and Dell ObjectScale to 4.2.0.0 or later.
  • If the update cannot be applied immediately, restrict local access to the affected services and monitor system logs for anomalous reads of configuration or credential files.
  • Follow secure‑coding recommendations for CWE‑540 by removing sensitive information from source code and handling secrets through secure vaults or environment variables.

Generated by OpenCVE AI on April 18, 2026 at 15:15 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 15:45:00 +0000

Type Values Removed Values Added
Title Dell ECS/ObjScale Sensitive Information Exposure via Source Code Inclusion

Wed, 18 Feb 2026 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Dell elastic Cloud Storage
CPEs cpe:2.3:a:dell:elastic_cloud_storage:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:objectscale:*:*:*:*:*:*:*:*
Vendors & Products Dell elastic Cloud Storage

Mon, 26 Jan 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell ecs Streamer
Dell objectscale
Vendors & Products Dell
Dell ecs Streamer
Dell objectscale

Fri, 23 Jan 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 23 Jan 2026 09:45:00 +0000

Type Values Removed Values Added
Description Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Inclusion of Sensitive Information in Source Code vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
Weaknesses CWE-540
References
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}

Subscriptions

Dell Ecs Streamer Elastic Cloud Storage Objectscale
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-01-23T15:15:44.763Z

Reserved: 2026-01-07T06:43:46.537Z

Link: CVE-2026-22275

cve-icon Vulnrichment

Updated: 2026-01-23T15:15:40.772Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-23T10:15:53.643

Modified: 2026-02-18T13:55:42.743

Link: CVE-2026-22275

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T15:30:03Z

Weaknesses