Description
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.
Published: 2026-05-11
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dell ECS 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions older than 4.3.0.0 contain an improper privilege management flaw in the operating system, classified as CWE‑269. An attacker who already enjoys local high privileges can exploit this weakness to raise their privileges to system level, thereby gaining full control over the affected node and potentially compromising data confidentiality, integrity and availability.

Affected Systems

Dell Enterprise Content Services (ECS) versions 3.8.1.0 to 3.8.1.7, and Dell ObjectScale versions prior to 4.3.0.0.

Risk and Exploitability

The CVSS score of 6.7 indicates moderate severity while the EPSS score of less than 1 % signifies a very low probability of exploitation in the wild; the vulnerability is not listed in the CISA KEV catalog. Exploitation requires local access coupled with high‑privileged rights, so it is most relevant to environments where an attacker can use a compromised account or a service running with elevated rights. If triggered, the attacker can execute arbitrary commands with system privileges, potentially controlling, destroying or exfiltrating data.

Generated by OpenCVE AI on May 11, 2026 at 17:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the Dell security update that addresses the privilege management flaw.
  • Restrict the use of local high‑privilege accounts and enforce the principle of least privilege on the ECS and ObjectScale nodes.
  • Ensure that services run with the minimal required privileges and monitor for unexpected privilege changes.

Generated by OpenCVE AI on May 11, 2026 at 17:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 11 May 2026 18:00:00 +0000

Type Values Removed Values Added
Title Privilege Escalation in Dell ECS and ObjectScale via Improper Privilege Management

Mon, 11 May 2026 15:15:00 +0000

Type Values Removed Values Added
Description Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.
Weaknesses CWE-269
References
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-05-11T13:23:35.478Z

Reserved: 2026-02-16T18:04:20.508Z

Link: CVE-2026-26946

cve-icon Vulnrichment

Updated: 2026-05-11T13:23:06.155Z

cve-icon NVD

Status : Received

Published: 2026-05-11T10:16:13.247

Modified: 2026-05-11T10:16:13.247

Link: CVE-2026-26946

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T17:45:26Z

Weaknesses