Description
Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contain a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
Published: 2026-01-23
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

The vulnerability arises from cleartext storage of sensitive data in Dell ECS and ObjectScale. A low‑privileged attacker with local access can read data that should be protected, leading to confidential information disclosure. This weakness is classified as CWE‑312.

Affected Systems

Affected are Dell Elastic Cloud Storage versions 3.8.1.0 through 3.8.1.7 and all Dell ObjectScale deployments older than 4.2.0.0. These products are identified by Dell’s CPE entries for elastic cloud storage and objectscale.

Risk and Exploitability

The CVSS v3.1 score of 5.5 indicates moderate severity, while a current EPSS score of less than 1% suggests a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires local, low‑privileged access, so this is a local risk rather than a remote one; the overall risk is therefore moderate and depends on the local privilege model.

Generated by OpenCVE AI on April 18, 2026 at 03:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell security update DSA‑2026‑047 to upgrade ECS to 3.8.1.8 or later and ObjectScale to 4.2.0.0 or later.
  • Restrict local access to privileged accounts and enforce least‑privilege principles for any users who can log into the system.
  • If an immediate upgrade is not possible, encrypt sensitive data before storage or relocate it to a protected storage layer to mitigate the risk of disclosure.


Advisories

No advisories yet.

History

Sat, 18 Apr 2026 03:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Cleartext Storage of Sensitive Information in Dell ECS and ObjectScale |

Wed, 18 Feb 2026 14:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Dell elastic Cloud Storage |
| CPEs | | cpe:2.3:a:dell:elastic_cloud_storage:*:*:*:*:*:*:*:*, cpe:2.3:a:dell:objectscale:*:*:*:*:*:*:*:* |
| Vendors & Products | | Dell elastic Cloud Storage |

Mon, 26 Jan 2026 12:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Dell; Dell ecs Streamer; Dell objectscale |
| Vendors & Products | | Dell; Dell ecs Streamer; Dell objectscale |

Fri, 23 Jan 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Fri, 23 Jan 2026 10:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contain a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. |
| Weaknesses | | CWE-312 |
| References | | |
| Metrics | | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'} |


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-01-23T15:14:02.380Z

Reserved: 2026-01-07T07:17:24.536Z

Link: CVE-2026-22276

Vulnrichment

Updated: 2026-01-23T15:13:57.678Z

NVD

Status: Analyzed

Published: 2026-01-23T10:15:53.800

Modified: 2026-02-18T13:57:44.930

Link: CVE-2026-22276

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T03:15:35Z

Weaknesses